From 6db4a24e070492e69456cb4457f23b1046e20176 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Tue, 19 Mar 2019 16:54:07 +0100 Subject: [PATCH 01/20] add letsencrypt validation with --proxy --- wo/cli/templates/virtualconf-php7.mustache | 15 +++++++++++++-- wo/cli/templates/virtualconf.mustache | 15 +++++++++++++-- 2 files changed, 26 insertions(+), 4 deletions(-) diff --git a/wo/cli/templates/virtualconf-php7.mustache b/wo/cli/templates/virtualconf-php7.mustache index 1ca898d..3f0e45b 100644 --- a/wo/cli/templates/virtualconf-php7.mustache +++ b/wo/cli/templates/virtualconf-php7.mustache @@ -25,12 +25,23 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } + + # Security settings for better privacy + # Deny hidden files + location ~ /\.(?!well-known\/) { + deny all; + } + # letsencrypt validation + location /.well-known/acme-challenge/ { + alias /var/www/html/.well-known/acme-challenge/; + allow all; + } {{/proxy}} {{^proxy}} root {{webroot}}/htdocs; - {{^proxy}}index {{^static}}index.php{{/static}} index.html index.htm;{{/proxy}} + index {{^static}}index.php{{/static}} index.html index.htm; {{#static}} location / { @@ -41,7 +52,7 @@ server { {{^static}}include {{#basic}}common/php73.conf;{{/basic}}{{#wpfc}}common/wpfc-php73.conf;{{/wpfc}} {{#wpsc}}common/wpsc-php73.conf;{{/wpsc}}{{#wpredis}}common/redis-php73.conf;{{/wpredis}} {{#wpsubdir}}include common/wpsubdir.conf;{{/wpsubdir}}{{/static}} {{#wp}}include common/wpcommon-php73.conf;{{/wp}} - {{^proxy}}include common/locations-php73.conf;{{/proxy}} + include common/locations-php73.conf; include {{webroot}}/conf/nginx/*.conf; {{/proxy}} } diff --git a/wo/cli/templates/virtualconf.mustache b/wo/cli/templates/virtualconf.mustache index 653a5aa..a566c06 100644 --- a/wo/cli/templates/virtualconf.mustache +++ b/wo/cli/templates/virtualconf.mustache @@ -25,12 +25,23 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } + + # Security settings for better privacy + # Deny hidden files + location ~ /\.(?!well-known\/) { + deny all; + } + # letsencrypt validation + location /.well-known/acme-challenge/ { + alias /var/www/html/.well-known/acme-challenge/; + allow all; + } {{/proxy}} {{^proxy}} root {{webroot}}/htdocs; - {{^proxy}}index {{^static}}index.php{{/static}} index.html index.htm;{{/proxy}} + index {{^static}}index.php{{/static}} index.html index.htm; {{#static}} location / { @@ -41,7 +52,7 @@ server { {{^static}}include {{#basic}}common/php72.conf;{{/basic}}{{#wpfc}}common/wpfc-php72.conf;{{/wpfc}} {{#wpsc}}common/wpsc-php72.conf;{{/wpsc}}{{#wpredis}}common/redis-php72.conf;{{/wpredis}} {{#wpsubdir}}include common/wpsubdir.conf;{{/wpsubdir}}{{/static}} {{#wp}}include common/wpcommon-php72.conf;{{/wp}} - {{^proxy}}include common/locations-php72.conf;{{/proxy}} + include common/locations-php72.conf; include {{webroot}}/conf/nginx/*.conf; {{/proxy}} } From d5dbbe650064866c44ecebdec2413f357ed5602e Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Tue, 19 Mar 2019 16:58:35 +0100 Subject: [PATCH 02/20] add letsencrypt support for --proxy --- CHANGELOG.md | 1 + wo/cli/plugins/log.py | 48 ++++++++++++++++----------------- wo/cli/plugins/secure.py | 18 ++++++------- wo/cli/plugins/stack_migrate.py | 7 ++--- wo/cli/plugins/stack_upgrade.py | 11 ++++---- wo/cli/plugins/sync.py | 13 ++++----- 6 files changed, 51 insertions(+), 47 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 710f261..e635ccc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,6 +14,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), - IPv6 support with HTTPS - Brotli support in Nginx +- Let's Encrypt support with --proxy #### Changed diff --git a/wo/cli/plugins/log.py b/wo/cli/plugins/log.py index 14579e9..6ee45c0 100644 --- a/wo/cli/plugins/log.py +++ b/wo/cli/plugins/log.py @@ -57,7 +57,7 @@ class WOLogShowController(CementBaseController): action='store_true')), (['site_name'], dict(help='Website Name', nargs='?', default=None)) - ] + ] usage = "wo log show [] [options]" @expose(hide=True) @@ -68,17 +68,17 @@ class WOLogShowController(CementBaseController): if self.app.pargs.php: self.app.pargs.nginx = True - if ((not self.app.pargs.nginx) and (not self.app.pargs.fpm) - and (not self.app.pargs.mysql) and (not self.app.pargs.access) - and (not self.app.pargs.wp) and (not self.app.pargs.site_name)): + if ((not self.app.pargs.nginx) and (not self.app.pargs.fpm) and + (not self.app.pargs.mysql) and (not self.app.pargs.access) and + (not self.app.pargs.wp) and (not self.app.pargs.site_name)): self.app.pargs.nginx = True self.app.pargs.fpm = True self.app.pargs.mysql = True self.app.pargs.access = True - if ((not self.app.pargs.nginx) and (not self.app.pargs.fpm) - and (not self.app.pargs.mysql) and (not self.app.pargs.access) - and (not self.app.pargs.wp) and (self.app.pargs.site_name)): + if ((not self.app.pargs.nginx) and (not self.app.pargs.fpm) and + (not self.app.pargs.mysql) and (not self.app.pargs.access) and + (not self.app.pargs.wp) and (self.app.pargs.site_name)): self.app.pargs.nginx = True self.app.pargs.wp = True self.app.pargs.access = True @@ -185,7 +185,7 @@ class WOLogResetController(CementBaseController): action='store_true')), (['site_name'], dict(help='Website Name', nargs='?', default=None)) - ] + ] usage = "wo log reset [] [options]" @expose(hide=True) @@ -197,9 +197,9 @@ class WOLogResetController(CementBaseController): self.app.pargs.nginx = True if ((not self.app.pargs.nginx) and (not self.app.pargs.fpm) - and (not self.app.pargs.mysql) and (not self.app.pargs.access) - and (not self.app.pargs.wp) and (not self.app.pargs.site_name) - and (not self.app.pargs.slow_log_db)): + and (not self.app.pargs.mysql) and (not self.app.pargs.access) + and (not self.app.pargs.wp) and (not self.app.pargs.site_name) + and (not self.app.pargs.slow_log_db)): self.app.pargs.nginx = True self.app.pargs.fpm = True self.app.pargs.mysql = True @@ -207,9 +207,9 @@ class WOLogResetController(CementBaseController): self.app.pargs.slow_log_db = True if ((not self.app.pargs.nginx) and (not self.app.pargs.fpm) - and (not self.app.pargs.mysql) and (not self.app.pargs.access) - and (not self.app.pargs.wp) and (self.app.pargs.site_name) - and (not self.app.pargs.slow-log-db)): + and (not self.app.pargs.mysql) and (not self.app.pargs.access) + and (not self.app.pargs.wp) and (self.app.pargs.site_name) + and (not self.app.pargs.slow-log-db)): self.app.pargs.nginx = True self.app.pargs.wp = True self.app.pargs.access = True @@ -324,7 +324,7 @@ class WOLogGzipController(CementBaseController): action='store_true')), (['site_name'], dict(help='Website Name', nargs='?', default=None)) - ] + ] usage = "wo log gzip [] [options]" @expose(hide=True) @@ -336,16 +336,16 @@ class WOLogGzipController(CementBaseController): self.app.pargs.nginx = True if ((not self.app.pargs.nginx) and (not self.app.pargs.fpm) - and (not self.app.pargs.mysql) and (not self.app.pargs.access) - and (not self.app.pargs.wp) and (not self.app.pargs.site_name)): + and (not self.app.pargs.mysql) and (not self.app.pargs.access) + and (not self.app.pargs.wp) and (not self.app.pargs.site_name)): self.app.pargs.nginx = True self.app.pargs.fpm = True self.app.pargs.mysql = True self.app.pargs.access = True if ((not self.app.pargs.nginx) and (not self.app.pargs.fpm) - and (not self.app.pargs.mysql) and (not self.app.pargs.access) - and (not self.app.pargs.wp) and (self.app.pargs.site_name)): + and (not self.app.pargs.mysql) and (not self.app.pargs.access) + and (not self.app.pargs.wp) and (self.app.pargs.site_name)): self.app.pargs.nginx = True self.app.pargs.wp = True self.app.pargs.access = True @@ -461,7 +461,7 @@ class WOLogMailController(CementBaseController): (['--to'], dict(help='Email addresses to send log files', action='append', dest='to', nargs=1, required=True)), - ] + ] usage = "wo log mail [] [options]" @expose(hide=True) @@ -473,16 +473,16 @@ class WOLogMailController(CementBaseController): self.app.pargs.nginx = True if ((not self.app.pargs.nginx) and (not self.app.pargs.fpm) - and (not self.app.pargs.mysql) and (not self.app.pargs.access) - and (not self.app.pargs.wp) and (not self.app.pargs.site_name)): + and (not self.app.pargs.mysql) and (not self.app.pargs.access) + and (not self.app.pargs.wp) and (not self.app.pargs.site_name)): self.app.pargs.nginx = True self.app.pargs.fpm = True self.app.pargs.mysql = True self.app.pargs.access = True if ((not self.app.pargs.nginx) and (not self.app.pargs.fpm) - and (not self.app.pargs.mysql) and (not self.app.pargs.access) - and (not self.app.pargs.wp) and (self.app.pargs.site_name)): + and (not self.app.pargs.mysql) and (not self.app.pargs.access) + and (not self.app.pargs.wp) and (self.app.pargs.site_name)): self.app.pargs.nginx = True self.app.pargs.wp = True self.app.pargs.access = True diff --git a/wo/cli/plugins/secure.py b/wo/cli/plugins/secure.py index 8050ade..ae2b9eb 100644 --- a/wo/cli/plugins/secure.py +++ b/wo/cli/plugins/secure.py @@ -38,19 +38,19 @@ class WOSecureController(CementBaseController): @expose(hide=True) def default(self): - if self.app.pargs.auth: - self.secure_auth() - if self.app.pargs.port: - self.secure_port() - if self.app.pargs.ip: - self.secure_ip() + if self.app.pargs.auth: + self.secure_auth() + if self.app.pargs.port: + self.secure_port() + if self.app.pargs.ip: + self.secure_ip() @expose(hide=True) def secure_auth(self): """This function secures authentication""" passwd = ''.join([random.choice - (string.ascii_letters + string.digits) - for n in range(6)]) + (string.ascii_letters + string.digits) + for n in range(6)]) if not self.app.pargs.user_input: username = input("Provide HTTP authentication user " "name [{0}] :".format(WOVariables.wo_user)) @@ -125,7 +125,7 @@ class WOSecureController(CementBaseController): user_ip = ['127.0.0.1'] for ip_addr in user_ip: if not ("exist_ip_address "+ip_addr in open('/etc/nginx/common/' - 'acl.conf').read()): + 'acl.conf').read()): WOShellExec.cmd_exec(self, "sed -i " "\"/deny/i allow {whitelist_address}\;\"" " /etc/nginx/common/acl.conf" diff --git a/wo/cli/plugins/stack_migrate.py b/wo/cli/plugins/stack_migrate.py index 64c612e..058d076 100644 --- a/wo/cli/plugins/stack_migrate.py +++ b/wo/cli/plugins/stack_migrate.py @@ -21,7 +21,7 @@ class WOStackMigrateController(CementBaseController): (['--mariadb'], dict(help="Migrate database to MariaDB", action='store_true')), - ] + ] @expose(hide=True) def migrate_mariadb(self): @@ -97,10 +97,11 @@ class WOStackMigrateController(CementBaseController): self.app.args.print_help() if self.app.pargs.mariadb: if WOVariables.wo_mysql_host is not "localhost": - Log.error(self, "Remote MySQL server in use, skipping local install") + Log.error( + self, "Remote MySQL server in use, skipping local install") if WOShellExec.cmd_exec(self, "mysqladmin ping") and (not - WOAptGet.is_installed(self, 'mariadb-server')): + WOAptGet.is_installed(self, 'mariadb-server')): Log.info(self, "If your database size is big, " "migration may take some time.") diff --git a/wo/cli/plugins/stack_upgrade.py b/wo/cli/plugins/stack_upgrade.py index 7b0caed..b9aa927 100644 --- a/wo/cli/plugins/stack_upgrade.py +++ b/wo/cli/plugins/stack_upgrade.py @@ -41,7 +41,7 @@ class WOStackUpgradeController(CementBaseController): (['--no-prompt'], dict(help="Upgrade Packages without any prompt", action='store_true')), - ] + ] @expose(hide=True) def upgrade_php56(self): @@ -72,7 +72,8 @@ class WOStackUpgradeController(CementBaseController): WOAptGet.update(self) Log.info(self, "Installing packages, please wait ...") if (WOVariables.wo_platform_distro == 'ubuntu'): - WOAptGet.install(self, WOVariables.wo_php + WOVariables.wo_php_extra) + WOAptGet.install(self, WOVariables.wo_php + + WOVariables.wo_php_extra) else: WOAptGet.install(self, WOVariables.wo_php) @@ -86,9 +87,9 @@ class WOStackUpgradeController(CementBaseController): packages = [] if ((not self.app.pargs.web) and (not self.app.pargs.nginx) and - (not self.app.pargs.php) and (not self.app.pargs.mysql) and - (not self.app.pargs.all) and (not self.app.pargs.wpcli) and - (not self.app.pargs.redis) and (not self.app.pargs.nginxmainline)): + (not self.app.pargs.php) and (not self.app.pargs.mysql) and + (not self.app.pargs.all) and (not self.app.pargs.wpcli) and + (not self.app.pargs.redis) and (not self.app.pargs.nginxmainline)): self.app.pargs.web = True if self.app.pargs.all: diff --git a/wo/cli/plugins/sync.py b/wo/cli/plugins/sync.py index bdee23a..d646544 100644 --- a/wo/cli/plugins/sync.py +++ b/wo/cli/plugins/sync.py @@ -44,21 +44,22 @@ class WOSyncController(CementBaseController): if site.site_type != 'mysql': Log.debug(self, "Searching wp-config.php in {0}/htdocs/ " .format(wo_site_webroot)) - configfiles = glob.glob(wo_site_webroot + '/htdocs/wp-config.php') + configfiles = glob.glob( + wo_site_webroot + '/htdocs/wp-config.php') if configfiles: if WOFileUtils.isexist(self, configfiles[0]): wo_db_name = (WOFileUtils.grep(self, configfiles[0], - 'DB_NAME').split(',')[1] + 'DB_NAME').split(',')[1] .split(')')[0].strip().replace('\'', '')) wo_db_user = (WOFileUtils.grep(self, configfiles[0], - 'DB_USER').split(',')[1] + 'DB_USER').split(',')[1] .split(')')[0].strip().replace('\'', '')) wo_db_pass = (WOFileUtils.grep(self, configfiles[0], - 'DB_PASSWORD').split(',')[1] + 'DB_PASSWORD').split(',')[1] .split(')')[0].strip().replace('\'', '')) wo_db_host = (WOFileUtils.grep(self, configfiles[0], - 'DB_HOST').split(',')[1] + 'DB_HOST').split(',')[1] .split(')')[0].strip().replace('\'', '')) # Check if database really exist @@ -84,7 +85,7 @@ class WOSyncController(CementBaseController): db_host=wo_db_host) else: Log.debug(self, "Config files not found for {0} " - .format(site.sitename)) + .format(site.sitename)) def load(app): From 57bd6257db48a7a51034328c1f06565331fb1119 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Wed, 20 Mar 2019 02:12:13 +0100 Subject: [PATCH 03/20] Adding load-balancing on unix sockets --- .travis.yml | 1 + install | 7 + wo/cli/plugins/site_functions.py | 3 - wo/cli/plugins/stack.py | 309 +++++++++++++-------- wo/cli/templates/stub_status.mustache | 31 +++ wo/cli/templates/upstream.mustache | 6 +- wo/cli/templates/virtualconf-php7.mustache | 4 +- wo/cli/templates/virtualconf.mustache | 4 +- 8 files changed, 238 insertions(+), 127 deletions(-) create mode 100644 wo/cli/templates/stub_status.mustache diff --git a/.travis.yml b/.travis.yml index f06e849..89cdaf1 100644 --- a/.travis.yml +++ b/.travis.yml @@ -30,6 +30,7 @@ script: - sudo wo stack install --admin || sudo tail -n50 /var/log/wo/wordops.log - sudo wo site create html.net --html && sudo wo site create php.com --php && sudo wo site create mysql.com --mysql || sudo tail -n50 /var/log/wo/wordops.log + - sudo wo site create proxy.com --proxy=127.0.0.1:3000 - sudo wo site create wp1.com --wp || sudo tail -n50 /var/log/wo/wordops.log - sudo wo site create wpsc1.net --wpsc && sudo wo site create wpfc1.com --wpfc || sudo tail -n50 /var/log/wo/wordops.log diff --git a/install b/install index 55c5329..0e3814f 100644 --- a/install +++ b/install @@ -385,6 +385,7 @@ wo_upgrade_nginx() { # chec if the package nginx-ee is installed CHECK_NGINX_EE=$(dpkg --list | grep nginx-ee) + CHECK_NGINX_VERSION=$(/usr/sbin/nginx -v 2>&1 | awk -F "/" '{print $2}' | grep 1.15) if [ -n "$CHECK_NGINX_EE" ]; then { # add new Nginx repository @@ -410,12 +411,18 @@ wo_upgrade_nginx() sudo apt-get update # stop nginx service nginx stop + # remove previous package apt-mark unhold nginx-ee nginx-common nginx-custom apt-get -y -qq autoremove nginx-ee nginx-common nginx-custom # install new nginx package if [ -x /usr/local/bin/wo ]; then + # backup nginx conf + cd /etc || exit 1 + tar -I pigz -cf backup-nginx.tar.gz nginx + cd || exit 1 rm -f /etc/nginx/conf.d/{upstream.conf,redis.conf,fastcgi.conf} + rm -f /etc/nginx/common/{php72.conf,php73.conf,wpcommon-php72.conf,wpcommon-php73.conf,locations-php72.conf,locations-php73.conf,redis-php72.conf,redis-php73.conf,wpfc-php72.conf,wpfc-php73.conf,wpsc-php72.conf,wpsc-php73.conf} rm -f /etc/nginx/*.default /usr/local/bin/wo stack install else diff --git a/wo/cli/plugins/site_functions.py b/wo/cli/plugins/site_functions.py index 98d20e2..9f0c781 100644 --- a/wo/cli/plugins/site_functions.py +++ b/wo/cli/plugins/site_functions.py @@ -107,9 +107,6 @@ def setupdomain(self, data): '/etc/nginx/sites-enabled/{0}' .format(wo_domain_name)]) - if 'proxy' in data.keys() and data['proxy']: - return - # Creating htdocs & logs directory Log.info(self, "Setting up webroot \t\t", end='') try: diff --git a/wo/cli/plugins/stack.py b/wo/cli/plugins/stack.py index c67df0d..f809b1a 100644 --- a/wo/cli/plugins/stack.py +++ b/wo/cli/plugins/stack.py @@ -186,52 +186,68 @@ class WOStackController(CementBaseController): wo_nginx.write('fastcgi_param \tSCRIPT_FILENAME ' '\t$request_filename;\n') - if not (os.path.isfile('/etc/nginx/common/wpfc-php72.conf')): - # Change WordOpsVersion in nginx.conf file - WOFileUtils.searchreplace(self, "/etc/nginx/nginx.conf", - "# add_header", - "add_header") + if not (os.path.isfile('/etc/nginx/common/wpfc-php72.conf')): + # Change WordOpsVersion in nginx.conf file + WOFileUtils.searchreplace(self, "/etc/nginx/nginx.conf", + "# add_header", + "add_header") - WOFileUtils.searchreplace(self, "/etc/nginx/nginx.conf", - "\"WordOps\"", - "\"WordOps v{0}\"" - .format(WOVariables.wo_version)) - data = dict() - Log.debug(self, 'Writting the nginx configuration to ' - 'file /etc/nginx/conf.d/blockips.conf') - wo_nginx = open('/etc/nginx/conf.d/blockips.conf', - encoding='utf-8', mode='w') - self.app.render((data), 'blockips.mustache', out=wo_nginx) - wo_nginx.close() + WOFileUtils.searchreplace(self, "/etc/nginx/nginx.conf", + "\"WordOps\"", + "\"WordOps v{0}\"" + .format(WOVariables.wo_version)) + data = dict() + Log.debug(self, 'Writting the nginx configuration to ' + 'file /etc/nginx/conf.d/blockips.conf') + wo_nginx = open('/etc/nginx/conf.d/blockips.conf', + encoding='utf-8', mode='w') + self.app.render( + (data), 'blockips.mustache', out=wo_nginx) + wo_nginx.close() - Log.debug(self, 'Writting the nginx configuration to ' - 'file /etc/nginx/conf.d/fastcgi.conf') - wo_nginx = open('/etc/nginx/conf.d/fastcgi.conf', - encoding='utf-8', mode='w') - self.app.render((data), 'fastcgi.mustache', out=wo_nginx) - wo_nginx.close() + Log.debug(self, 'Writting the nginx configuration to ' + 'file /etc/nginx/conf.d/fastcgi.conf') + wo_nginx = open('/etc/nginx/conf.d/fastcgi.conf', + encoding='utf-8', mode='w') + self.app.render( + (data), 'fastcgi.mustache', out=wo_nginx) + wo_nginx.close() - data = dict(php="9000", debug="9001", - php7="9070", debug7="9170", - php7conf=True - if WOAptGet.is_installed(self, 'php7.0-fpm') - else False) - Log.debug(self, 'Writting the nginx configuration to ' - 'file /etc/nginx/conf.d/upstream.conf') - wo_nginx = open('/etc/nginx/conf.d/upstream.conf', - encoding='utf-8', mode='w') - self.app.render((data), 'upstream.mustache', out=wo_nginx) - wo_nginx.close() + data = dict(php="9000", debug="9001", + php7="9070", debug7="9170", + php7conf=True + if WOAptGet.is_installed(self, 'php7.0-fpm') + else False) + Log.debug(self, 'Writting the nginx configuration to ' + 'file /etc/nginx/conf.d/upstream.conf') + wo_nginx = open('/etc/nginx/conf.d/upstream.conf', + encoding='utf-8', mode='w') + self.app.render( + (data), 'upstream.mustache', out=wo_nginx) + wo_nginx.close() - Log.debug(self, 'Writting the nginx configuration to ' - 'file /etc/nginx/conf.d/map-wp.conf') - wo_nginx = open('/etc/nginx/conf.d/map-wp.conf', - encoding='utf-8', mode='w') - self.app.render((data), 'map-wp.mustache', - out=wo_nginx) - wo_nginx.close() + Log.debug(self, 'Writting the nginx configuration to ' + 'file /etc/nginx/conf.d/map-wp.conf') + wo_nginx = open('/etc/nginx/conf.d/map-wp.conf', + encoding='utf-8', mode='w') + self.app.render((data), 'map-wp.mustache', + out=wo_nginx) + wo_nginx.close() + + if not (os.path.isfile('/etc/nginx/conf.d/stub_status.conf')): + data = dict(phpconf=True if + WOAptGet.is_installed(self, 'php7.2-fpm') + else False) + Log.debug(self, 'Writting the nginx configuration to ' + 'file /etc/nginx/conf.d/stub_status.conf') + wo_nginx = open('/etc/nginx/conf.d/stub_status.conf', + encoding='utf-8', mode='w') + self.app.render( + (data), 'stub_status.mustache', out=wo_nginx) + wo_nginx.close() if not (os.path.isfile('/etc/nginx/conf.d/webp.conf')): + data = dict() Log.debug(self, 'Writting the nginx configuration to ' 'file /etc/nginx/conf.d/webp.conf') wo_nginx = open('/etc/nginx/conf.d/webp.conf', @@ -246,64 +262,64 @@ class WOStackController(CementBaseController): '/etc/nginx/common') os.makedirs('/etc/nginx/common') - data = dict(webroot=WOVariables.wo_webroot) - Log.debug(self, 'Writting the nginx configuration to ' - 'file /etc/nginx/common/acl.conf') - wo_nginx = open('/etc/nginx/common/acl.conf', - encoding='utf-8', mode='w') - self.app.render((data), 'acl.mustache', - out=wo_nginx) - wo_nginx.close() + data = dict(webroot=WOVariables.wo_webroot) + Log.debug(self, 'Writting the nginx configuration to ' + 'file /etc/nginx/common/acl.conf') + wo_nginx = open('/etc/nginx/common/acl.conf', + encoding='utf-8', mode='w') + self.app.render((data), 'acl.mustache', + out=wo_nginx) + wo_nginx.close() - Log.debug(self, 'Writting the nginx configuration to ' - 'file /etc/nginx/common/locations-php72.conf') - wo_nginx = open('/etc/nginx/common/locations-php72.conf', - encoding='utf-8', mode='w') - self.app.render((data), 'locations.mustache', - out=wo_nginx) - wo_nginx.close() + Log.debug(self, 'Writting the nginx configuration to ' + 'file /etc/nginx/common/locations-php72.conf') + wo_nginx = open('/etc/nginx/common/locations-php72.conf', + encoding='utf-8', mode='w') + self.app.render((data), 'locations.mustache', + out=wo_nginx) + wo_nginx.close() - Log.debug(self, 'Writting the nginx configuration to ' - 'file /etc/nginx/common/php72.conf') - wo_nginx = open('/etc/nginx/common/php72.conf', - encoding='utf-8', mode='w') - self.app.render((data), 'php.mustache', - out=wo_nginx) - wo_nginx.close() + Log.debug(self, 'Writting the nginx configuration to ' + 'file /etc/nginx/common/php72.conf') + wo_nginx = open('/etc/nginx/common/php72.conf', + encoding='utf-8', mode='w') + self.app.render((data), 'php.mustache', + out=wo_nginx) + wo_nginx.close() - Log.debug(self, 'Writting the nginx configuration to ' - 'file /etc/nginx/common/wpcommon-php72.conf') - wo_nginx = open('/etc/nginx/common/wpcommon-php72.conf', - encoding='utf-8', mode='w') - self.app.render((data), 'wpcommon.mustache', - out=wo_nginx) - wo_nginx.close() + Log.debug(self, 'Writting the nginx configuration to ' + 'file /etc/nginx/common/wpcommon-php72.conf') + wo_nginx = open('/etc/nginx/common/wpcommon-php72.conf', + encoding='utf-8', mode='w') + self.app.render((data), 'wpcommon.mustache', + out=wo_nginx) + wo_nginx.close() - Log.debug(self, 'Writting the nginx configuration to ' - 'file /etc/nginx/common/wpfc-php72.conf') - wo_nginx = open('/etc/nginx/common/wpfc-php72.conf', - encoding='utf-8', mode='w') - self.app.render((data), 'wpfc.mustache', - out=wo_nginx) - wo_nginx.close() + Log.debug(self, 'Writting the nginx configuration to ' + 'file /etc/nginx/common/wpfc-php72.conf') + wo_nginx = open('/etc/nginx/common/wpfc-php72.conf', + encoding='utf-8', mode='w') + self.app.render((data), 'wpfc.mustache', + out=wo_nginx) + wo_nginx.close() - Log.debug(self, 'Writting the nginx configuration to ' - 'file /etc/nginx/common/wpsc-php72.conf') - wo_nginx = open('/etc/nginx/common/wpsc-php72.conf', - encoding='utf-8', mode='w') - self.app.render((data), 'wpsc.mustache', - out=wo_nginx) - wo_nginx.close() + Log.debug(self, 'Writting the nginx configuration to ' + 'file /etc/nginx/common/wpsc-php72.conf') + wo_nginx = open('/etc/nginx/common/wpsc-php72.conf', + encoding='utf-8', mode='w') + self.app.render((data), 'wpsc.mustache', + out=wo_nginx) + wo_nginx.close() - Log.debug(self, 'Writting the nginx configuration to ' - 'file /etc/nginx/common/wpsubdir.conf') - wo_nginx = open('/etc/nginx/common/wpsubdir.conf', - encoding='utf-8', mode='w') - self.app.render((data), 'wpsubdir.mustache', - out=wo_nginx) - wo_nginx.close() + Log.debug(self, 'Writting the nginx configuration to ' + 'file /etc/nginx/common/wpsubdir.conf') + wo_nginx = open('/etc/nginx/common/wpsubdir.conf', + encoding='utf-8', mode='w') + self.app.render((data), 'wpsubdir.mustache', + out=wo_nginx) + wo_nginx.close() - # php7 conf + # php73 conf if not os.path.isfile("/etc/nginx/common/php73.conf"): # data = dict() Log.debug(self, 'Writting the nginx configuration to ' @@ -499,14 +515,16 @@ class WOStackController(CementBaseController): + "\nHTTP Auth Password : {0}".format(passwd)) WOService.reload_service(self, 'nginx') else: - self.msg = (self.msg + ["HTTP Auth User Name: WordOps"] - + ["HTTP Auth Password : {0}".format(passwd)]) + self.msg = (self.msg + ["HTTP Auth User " + "Name: WordOps"] + + ["HTTP Auth Password : {0}".format(passwd)]) else: WOService.restart_service(self, 'nginx') if WOAptGet.is_installed(self, 'redis-server'): if (os.path.isfile("/etc/nginx/nginx.conf") and - not os.path.isfile("/etc/nginx/common/redis-php72.conf")): + not os.path.isfile("/etc/nginx/common/" + "redis-php72.conf")): data = dict() Log.debug(self, 'Writting the nginx configuration to ' @@ -518,7 +536,8 @@ class WOStackController(CementBaseController): wo_nginx.close() if (os.path.isfile("/etc/nginx/nginx.conf") and - not os.path.isfile("/etc/nginx/common/redis-php73.conf")): + not os.path.isfile("/etc/nginx/common/" + "redis-php73.conf")): data = dict() Log.debug(self, 'Writting the nginx configuration to ' 'file /etc/nginx/common/redis-php73.conf') @@ -540,11 +559,18 @@ class WOStackController(CementBaseController): if (os.path.isfile("/etc/nginx/nginx.conf") and not os.path.isfile("/etc/nginx/conf.d/redis.conf")): - with open("/etc/nginx/conf.d/redis.conf", "a") as redis_file: + with open("/etc/nginx/conf.d/" + "redis.conf", "a") as redis_file: redis_file.write("# Log format Settings\n" - "log_format rt_cache_redis '$remote_addr $upstream_response_time $srcache_fetch_status [$time_local] '\n" - "'$http_host \"$request\" $status $body_bytes_sent '\n" - "'\"$http_referer\" \"$http_user_agent\"';\n") + "log_format rt_cache_redis " + "'$remote_addr " + "$upstream_response_time " + "$srcache_fetch_status " + "[$time_local] '\n" + "'$http_host \"$request\" $status" + " $body_bytes_sent '\n" + "'\"$http_referer\" " + "\"$http_user_agent\"';\n") # setup nginx common folder for php7 if self.app.pargs.php73: if (os.path.isdir("/etc/nginx/common") and @@ -591,7 +617,8 @@ class WOStackController(CementBaseController): wo_nginx.close() if (os.path.isdir("/etc/nginx/common") and - not os.path.isfile("/etc/nginx/common/redis-php73.conf")): + not os.path.isfile("/etc/nginx/common/" + "redis-php73.conf")): data = dict() Log.debug(self, 'Writting the nginx configuration to ' 'file /etc/nginx/common/redis-php73.conf') @@ -602,15 +629,20 @@ class WOStackController(CementBaseController): wo_nginx.close() if os.path.isfile("/etc/nginx/conf.d/upstream.conf"): - if not WOFileUtils.grep(self, "/etc/nginx/conf.d/upstream.conf", + if not WOFileUtils.grep(self, "/etc/nginx/conf.d/" + "upstream.conf", "php73"): - with open("/etc/nginx/conf.d/upstream.conf", "a") as php_file: - php_file.write("upstream php73 {\nserver unix:/var/run/php/php73-fpm.sock;\n}\n" - "upstream debug73 {\nserver 127.0.0.1:9173;\n}\n") + with open("/etc/nginx/conf.d/" + "upstream.conf", "a") as php_file: + php_file.write("upstream php73 {\nserver unix:" + "/var/run/php/php73-fpm.sock;\n}\n" + "upstream debug73 {\nserver " + "127.0.0.1:9173;\n}\n") if set(WOVariables.wo_redis).issubset(set(apt_packages)): if (os.path.isfile("/etc/nginx/nginx.conf") and - not os.path.isfile("/etc/nginx/common/redis-php72.conf")): + not os.path.isfile("/etc/nginx/common/" + "redis-php72.conf")): data = dict() Log.debug(self, 'Writting the nginx configuration to ' @@ -655,13 +687,23 @@ class WOStackController(CementBaseController): # Parse etc/php/7.2/fpm/php.ini config = configparser.ConfigParser() - Log.debug(self, "configuring php file /etc/php/7.2/fpm/php.ini") + Log.debug(self, "configuring php file " + "/etc/php/7.2/fpm/php.ini") config.read('/etc/php/7.2/fpm/php.ini') config['PHP']['expose_php'] = 'Off' config['PHP']['post_max_size'] = '100M' config['PHP']['upload_max_filesize'] = '100M' config['PHP']['max_execution_time'] = '300' - config['PHP']['date.timezone'] = WOVariables.wo_timezone + config['PHP']['max_input_vars'] = '20000' + config['Date']['date.timezone'] = WOVariables.wo_timezone + config['opcache']['opcache.enable'] = '1' + config['opcache']['opcache.interned_strings_buffer'] = '8' + config['opcache']['opcache.max_accelerated_files'] = '10000' + config['opcache']['opcache.memory_consumption'] = '256' + config['opcache']['opcache.save_comments'] = '1' + config['opcache']['opcache.revalidate_freq'] = '5' + config['opcache']['opcache.validate_timestamps'] = '1' + config['opcache']['opcache.consistency_checks'] = '0' with open('/etc/php/7.2/fpm/php.ini', encoding='utf-8', mode='w') as configfile: Log.debug(self, "Writting php configuration into " @@ -681,15 +723,16 @@ class WOStackController(CementBaseController): # Parse /etc/php/7.2/fpm/pool.d/www.conf config = configparser.ConfigParser() - config.read_file(codecs.open('/etc/php/7.2/fpm/pool.d/www.conf', + config.read_file(codecs.open('/etc/php/7.2/fpm/' + 'pool.d/www.conf', "r", "utf8")) config['www']['ping.path'] = '/ping' config['www']['pm.status_path'] = '/status' - config['www']['pm.max_requests'] = '100' - config['www']['pm.max_children'] = '25' - config['www']['pm.start_servers'] = '5' - config['www']['pm.min_spare_servers'] = '2' - config['www']['pm.max_spare_servers'] = '5' + config['www']['pm.max_requests'] = '1500' + config['www']['pm.max_children'] = '50' + config['www']['pm.start_servers'] = '10' + config['www']['pm.min_spare_servers'] = '5' + config['www']['pm.max_spare_servers'] = '15' config['www']['request_terminate_timeout'] = '100' config['www']['pm'] = 'ondemand' config['www']['chdir'] = '/' @@ -702,6 +745,20 @@ class WOStackController(CementBaseController): "/etc/php/7.2/fpm/pool.d/www.conf") config.write(configfile) + # Generate /etc/php/7.2/fpm/pool.d/www-two.conf + WOFileUtils.copyfile(self, "/etc/php/7.2/fpm/pool.d/www.conf", + "/etc/php/7.2/fpm/pool.d/www-two.conf") + WOFileUtils.searchreplace(self, "/etc/php/7.2/fpm/pool.d/" + "www-two.conf", "[www]", "[www-two]") + config = configparser.ConfigParser() + config.read('/etc/php/7.2/fpm/pool.d/www-two.conf') + config['www-two']['listen'] = 'php72-two-fpm.sock' + with open('/etc/php/7.2/fpm/pool.d/www-two.conf', + encoding='utf-8', mode='w') as confifile: + Log.debug(self, "writting PHP7.2 configuration into " + "/etc/php/7.2/fpm/pool.d/www-two.conf") + config.write(confifile) + # Generate /etc/php/7.2/fpm/pool.d/debug.conf WOFileUtils.copyfile(self, "/etc/php/7.2/fpm/pool.d/www.conf", "/etc/php/7.2/fpm/pool.d/debug.conf") @@ -729,8 +786,11 @@ class WOStackController(CementBaseController): "profiler_enable] = off\n") # Disable xdebug - if not WOShellExec.cmd_exec(self, "grep -q \';zend_extension\' /etc/php/7.2/mods-available/xdebug.ini"): - WOFileUtils.searchreplace(self, "/etc/php/7.2/mods-available/" + if not WOShellExec.cmd_exec(self, "grep -q \';zend_extension\'" + " /etc/php/7.2/mods-available/" + "xdebug.ini"): + WOFileUtils.searchreplace(self, "/etc/php/7.2/" + "mods-available/" "xdebug.ini", "zend_extension", ";zend_extension") @@ -781,13 +841,23 @@ class WOStackController(CementBaseController): # Parse etc/php/7.3/fpm/php.ini config = configparser.ConfigParser() - Log.debug(self, "configuring php file /etc/php/7.3/fpm/php.ini") + Log.debug(self, "configuring php file /etc/php/7.3/" + "fpm/php.ini") config.read('/etc/php/7.3/fpm/php.ini') config['PHP']['expose_php'] = 'Off' config['PHP']['post_max_size'] = '100M' config['PHP']['upload_max_filesize'] = '100M' config['PHP']['max_execution_time'] = '300' - config['PHP']['date.timezone'] = WOVariables.wo_timezone + config['PHP']['max_input_vars'] = '20000' + config['Date']['date.timezone'] = WOVariables.wo_timezone + config['opcache']['opcache.enable'] = '1' + config['opcache']['opcache.interned_strings_buffer'] = '8' + config['opcache']['opcache.max_accelerated_files'] = '10000' + config['opcache']['opcache.memory_consumption'] = '256' + config['opcache']['opcache.save_comments'] = '1' + config['opcache']['opcache.revalidate_freq'] = '5' + config['opcache']['opcache.validate_timestamps'] = '1' + config['opcache']['opcache.consistency_checks'] = '0' with open('/etc/php/7.3/fpm/php.ini', encoding='utf-8', mode='w') as configfile: Log.debug(self, "Writting php configuration into " @@ -806,11 +876,12 @@ class WOStackController(CementBaseController): # Parse /etc/php/7.3/fpm/pool.d/www.conf config = configparser.ConfigParser() - config.read_file(codecs.open('/etc/php/7.3/fpm/pool.d/www.conf', + config.read_file(codecs.open('/ etc/php/7.3/fpm/' + 'pool.d/www.conf', "r", "utf8")) config['www']['ping.path'] = '/ping' config['www']['pm.status_path'] = '/status' - config['www']['pm.max_requests'] = '500' + config['www']['pm.max_requests'] = '1500' config['www']['pm.max_children'] = '100' config['www']['pm.start_servers'] = '20' config['www']['pm.min_spare_servers'] = '10' diff --git a/wo/cli/templates/stub_status.mustache b/wo/cli/templates/stub_status.mustache new file mode 100644 index 0000000..8c04dcc --- /dev/null +++ b/wo/cli/templates/stub_status.mustache @@ -0,0 +1,31 @@ +# Stub status NGINX CONFIGURATION +# DO NOT MODIFY, ALL CHANGES WILL BE LOST AFTER AN WordOps (wo) UPDATE +{{#phpconf}} +upstream phpstatus { + server unix:/run/php/php7.2-fpm.sock; +} +{{/phpconf}} +server { + listen 127.0.0.1:80; + server_name 127.0.0.1 localhost; + access_log off; + log_not_found off; + root /var/www/html; + location ~ /(stub_status|nginx_status) { + stub_status on; + allow 127.0.0.1; + deny all; + access_log off; + log_not_found off; + } + {{#phpconf}} + location ~ /(status|ping) { + include fastcgi_params; + allow 127.0.0.1; + deny all; + fastcgi_pass phpstatus; + access_log off; + log_not_found off; + } + {{/phpconf}} +} diff --git a/wo/cli/templates/upstream.mustache b/wo/cli/templates/upstream.mustache index 64a5e95..736a551 100644 --- a/wo/cli/templates/upstream.mustache +++ b/wo/cli/templates/upstream.mustache @@ -30,7 +30,12 @@ server 127.0.0.1:{{debug7}}; # PHP 7.2 upstream with load-balancing on two unix sockets upstream php72 { + least_conn; + server unix:/var/run/php/php72-fpm.sock; + server unix:/var/run/php/php72-two-fpm.sock; + + keepalive 5; } # PHP 7.2 debug @@ -63,4 +68,3 @@ upstream netdata { server 127.0.0.1:19999; keepalive 64; } - diff --git a/wo/cli/templates/virtualconf-php7.mustache b/wo/cli/templates/virtualconf-php7.mustache index 3f0e45b..c06e1e7 100644 --- a/wo/cli/templates/virtualconf-php7.mustache +++ b/wo/cli/templates/virtualconf-php7.mustache @@ -52,7 +52,7 @@ server { {{^static}}include {{#basic}}common/php73.conf;{{/basic}}{{#wpfc}}common/wpfc-php73.conf;{{/wpfc}} {{#wpsc}}common/wpsc-php73.conf;{{/wpsc}}{{#wpredis}}common/redis-php73.conf;{{/wpredis}} {{#wpsubdir}}include common/wpsubdir.conf;{{/wpsubdir}}{{/static}} {{#wp}}include common/wpcommon-php73.conf;{{/wp}} - include common/locations-php73.conf; + include common/locations-php73.conf;{{/proxy}} include {{webroot}}/conf/nginx/*.conf; - {{/proxy}} + } diff --git a/wo/cli/templates/virtualconf.mustache b/wo/cli/templates/virtualconf.mustache index a566c06..5aea885 100644 --- a/wo/cli/templates/virtualconf.mustache +++ b/wo/cli/templates/virtualconf.mustache @@ -52,7 +52,7 @@ server { {{^static}}include {{#basic}}common/php72.conf;{{/basic}}{{#wpfc}}common/wpfc-php72.conf;{{/wpfc}} {{#wpsc}}common/wpsc-php72.conf;{{/wpsc}}{{#wpredis}}common/redis-php72.conf;{{/wpredis}} {{#wpsubdir}}include common/wpsubdir.conf;{{/wpsubdir}}{{/static}} {{#wp}}include common/wpcommon-php72.conf;{{/wp}} - include common/locations-php72.conf; + include common/locations-php72.conf;{{/proxy}} include {{webroot}}/conf/nginx/*.conf; - {{/proxy}} + } From 037e531fe361c1e31f381724281a21e883382e1c Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Wed, 20 Mar 2019 02:29:40 +0100 Subject: [PATCH 04/20] fix webroot for proxy --- wo/cli/plugins/site.py | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/wo/cli/plugins/site.py b/wo/cli/plugins/site.py index 5794b5d..36bee17 100644 --- a/wo/cli/plugins/site.py +++ b/wo/cli/plugins/site.py @@ -326,7 +326,8 @@ class WOSiteCreateController(CementBaseController): dict(help="create WordPress single/multi site with wpsc cache", action='store_true')), (['--wpredis'], - dict(help="create WordPress single/multi site with redis cache", + dict(help="create WordPress single/multi site " + "with redis cache", action='store_true')), (['-le', '--letsencrypt'], dict(help="configure letsencrypt ssl for the site", @@ -342,8 +343,9 @@ class WOSiteCreateController(CementBaseController): dest='wppass')), (['--proxy'], dict(help="create proxy for site", nargs='+')), - (['--vhostonly'], - dict(help="only create vhost and database without installing WordPress", nargs='+')), + (['--vhostonly'], dict(help="only create vhost and database " + "without installing WordPress", + action='store_true')), (['--experimental'], dict(help="Enable Experimental packages without prompt", action='store_true')), @@ -406,7 +408,7 @@ class WOSiteCreateController(CementBaseController): data['proxy'] = True data['host'] = host data['port'] = port - wo_site_webroot = "" + wo_site_webroot = WOVariables.wo_webroot + wo_domain if self.app.pargs.php73: data = dict(site_name=wo_domain, www_domain=wo_www_domain, @@ -461,10 +463,10 @@ class WOSiteCreateController(CementBaseController): data['basic'] = True if (cache == 'wpredis'): - cache = 'wpredis' - data['wpredis'] = True - data['basic'] = False - self.app.pargs.wpredis = True + cache = 'wpredis' + data['wpredis'] = True + data['basic'] = False + self.app.pargs.wpredis = True # Check rerequired packages are installed or not wo_auth = site_package_check(self, stype) From 96424f849f4069a8b2b832566e11923c81a0d55c Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Wed, 20 Mar 2019 02:49:46 +0100 Subject: [PATCH 05/20] fix identation --- wo/cli/plugins/stack.py | 312 ++++++++++++++++++++-------------------- 1 file changed, 156 insertions(+), 156 deletions(-) diff --git a/wo/cli/plugins/stack.py b/wo/cli/plugins/stack.py index f809b1a..27b0536 100644 --- a/wo/cli/plugins/stack.py +++ b/wo/cli/plugins/stack.py @@ -186,189 +186,189 @@ class WOStackController(CementBaseController): wo_nginx.write('fastcgi_param \tSCRIPT_FILENAME ' '\t$request_filename;\n') - if not (os.path.isfile('/etc/nginx/common/wpfc-php72.conf')): - # Change WordOpsVersion in nginx.conf file - WOFileUtils.searchreplace(self, "/etc/nginx/nginx.conf", - "# add_header", - "add_header") + if not (os.path.isfile('/etc/nginx/common/wpfc-php72.conf')): + # Change WordOpsVersion in nginx.conf file + WOFileUtils.searchreplace(self, "/etc/nginx/nginx.conf", + "# add_header", + "add_header") - WOFileUtils.searchreplace(self, "/etc/nginx/nginx.conf", - "\"WordOps\"", - "\"WordOps v{0}\"" - .format(WOVariables.wo_version)) - data = dict() - Log.debug(self, 'Writting the nginx configuration to ' - 'file /etc/nginx/conf.d/blockips.conf') - wo_nginx = open('/etc/nginx/conf.d/blockips.conf', - encoding='utf-8', mode='w') - self.app.render( - (data), 'blockips.mustache', out=wo_nginx) - wo_nginx.close() + WOFileUtils.searchreplace(self, "/etc/nginx/nginx.conf", + "\"WordOps\"", + "\"WordOps v{0}\"" + .format(WOVariables.wo_version)) + data = dict() + Log.debug(self, 'Writting the nginx configuration to ' + 'file /etc/nginx/conf.d/blockips.conf') + wo_nginx = open('/etc/nginx/conf.d/blockips.conf', + encoding='utf-8', mode='w') + self.app.render( + (data), 'blockips.mustache', out=wo_nginx) + wo_nginx.close() - Log.debug(self, 'Writting the nginx configuration to ' - 'file /etc/nginx/conf.d/fastcgi.conf') - wo_nginx = open('/etc/nginx/conf.d/fastcgi.conf', - encoding='utf-8', mode='w') - self.app.render( - (data), 'fastcgi.mustache', out=wo_nginx) - wo_nginx.close() + Log.debug(self, 'Writting the nginx configuration to ' + 'file /etc/nginx/conf.d/fastcgi.conf') + wo_nginx = open('/etc/nginx/conf.d/fastcgi.conf', + encoding='utf-8', mode='w') + self.app.render( + (data), 'fastcgi.mustache', out=wo_nginx) + wo_nginx.close() - data = dict(php="9000", debug="9001", + data = dict(php="9000", debug="9001", php7="9070", debug7="9170", php7conf=True if WOAptGet.is_installed(self, 'php7.0-fpm') else False) - Log.debug(self, 'Writting the nginx configuration to ' - 'file /etc/nginx/conf.d/upstream.conf') - wo_nginx = open('/etc/nginx/conf.d/upstream.conf', - encoding='utf-8', mode='w') - self.app.render( - (data), 'upstream.mustache', out=wo_nginx) - wo_nginx.close() + Log.debug(self, 'Writting the nginx configuration to ' + 'file /etc/nginx/conf.d/upstream.conf') + wo_nginx = open('/etc/nginx/conf.d/upstream.conf', + encoding='utf-8', mode='w') + self.app.render( + (data), 'upstream.mustache', out=wo_nginx) + wo_nginx.close() - Log.debug(self, 'Writting the nginx configuration to ' - 'file /etc/nginx/conf.d/map-wp.conf') - wo_nginx = open('/etc/nginx/conf.d/map-wp.conf', - encoding='utf-8', mode='w') - self.app.render((data), 'map-wp.mustache', - out=wo_nginx) - wo_nginx.close() + Log.debug(self, 'Writting the nginx configuration to ' + 'file /etc/nginx/conf.d/map-wp.conf') + wo_nginx = open('/etc/nginx/conf.d/map-wp.conf', + encoding='utf-8', mode='w') + self.app.render((data), 'map-wp.mustache', + out=wo_nginx) + wo_nginx.close() - if not (os.path.isfile('/etc/nginx/conf.d/stub_status.conf')): - data = dict(phpconf=True if - WOAptGet.is_installed(self, 'php7.2-fpm') - else False) - Log.debug(self, 'Writting the nginx configuration to ' - 'file /etc/nginx/conf.d/stub_status.conf') - wo_nginx = open('/etc/nginx/conf.d/stub_status.conf', - encoding='utf-8', mode='w') - self.app.render( - (data), 'stub_status.mustache', out=wo_nginx) - wo_nginx.close() + if not (os.path.isfile('/etc/nginx/conf.d/stub_status.conf')): + data = dict(phpconf=True if + WOAptGet.is_installed(self, 'php7.2-fpm') + else False) + Log.debug(self, 'Writting the nginx configuration to ' + 'file /etc/nginx/conf.d/stub_status.conf') + wo_nginx = open('/etc/nginx/conf.d/stub_status.conf', + encoding='utf-8', mode='w') + self.app.render( + (data), 'stub_status.mustache', out=wo_nginx) + wo_nginx.close() - if not (os.path.isfile('/etc/nginx/conf.d/webp.conf')): - data = dict() - Log.debug(self, 'Writting the nginx configuration to ' - 'file /etc/nginx/conf.d/webp.conf') - wo_nginx = open('/etc/nginx/conf.d/webp.conf', - encoding='utf-8', mode='w') - self.app.render((data), 'webp.mustache', - out=wo_nginx) - wo_nginx.close() + if not (os.path.isfile('/etc/nginx/conf.d/webp.conf')): + data = dict() + Log.debug(self, 'Writting the nginx configuration to ' + 'file /etc/nginx/conf.d/webp.conf') + wo_nginx = open('/etc/nginx/conf.d/webp.conf', + encoding='utf-8', mode='w') + self.app.render((data), 'webp.mustache', + out=wo_nginx) + wo_nginx.close() # Setup Nginx common directory - if not os.path.exists('/etc/nginx/common'): - Log.debug(self, 'Creating directory' - '/etc/nginx/common') - os.makedirs('/etc/nginx/common') + if not os.path.exists('/etc/nginx/common'): + Log.debug(self, 'Creating directory' + '/etc/nginx/common') + os.makedirs('/etc/nginx/common') - data = dict(webroot=WOVariables.wo_webroot) - Log.debug(self, 'Writting the nginx configuration to ' - 'file /etc/nginx/common/acl.conf') - wo_nginx = open('/etc/nginx/common/acl.conf', - encoding='utf-8', mode='w') - self.app.render((data), 'acl.mustache', - out=wo_nginx) - wo_nginx.close() + data = dict(webroot=WOVariables.wo_webroot) + Log.debug(self, 'Writting the nginx configuration to ' + 'file /etc/nginx/common/acl.conf') + wo_nginx = open('/etc/nginx/common/acl.conf', + encoding='utf-8', mode='w') + self.app.render((data), 'acl.mustache', + out=wo_nginx) + wo_nginx.close() - Log.debug(self, 'Writting the nginx configuration to ' - 'file /etc/nginx/common/locations-php72.conf') - wo_nginx = open('/etc/nginx/common/locations-php72.conf', - encoding='utf-8', mode='w') - self.app.render((data), 'locations.mustache', - out=wo_nginx) - wo_nginx.close() + Log.debug(self, 'Writting the nginx configuration to ' + 'file /etc/nginx/common/locations-php72.conf') + wo_nginx = open('/etc/nginx/common/locations-php72.conf', + encoding='utf-8', mode='w') + self.app.render((data), 'locations.mustache', + out=wo_nginx) + wo_nginx.close() - Log.debug(self, 'Writting the nginx configuration to ' - 'file /etc/nginx/common/php72.conf') - wo_nginx = open('/etc/nginx/common/php72.conf', - encoding='utf-8', mode='w') - self.app.render((data), 'php.mustache', - out=wo_nginx) - wo_nginx.close() + Log.debug(self, 'Writting the nginx configuration to ' + 'file /etc/nginx/common/php72.conf') + wo_nginx = open('/etc/nginx/common/php72.conf', + encoding='utf-8', mode='w') + self.app.render((data), 'php.mustache', + out=wo_nginx) + wo_nginx.close() - Log.debug(self, 'Writting the nginx configuration to ' - 'file /etc/nginx/common/wpcommon-php72.conf') - wo_nginx = open('/etc/nginx/common/wpcommon-php72.conf', - encoding='utf-8', mode='w') - self.app.render((data), 'wpcommon.mustache', - out=wo_nginx) - wo_nginx.close() + Log.debug(self, 'Writting the nginx configuration to ' + 'file /etc/nginx/common/wpcommon-php72.conf') + wo_nginx = open('/etc/nginx/common/wpcommon-php72.conf', + encoding='utf-8', mode='w') + self.app.render((data), 'wpcommon.mustache', + out=wo_nginx) + wo_nginx.close() - Log.debug(self, 'Writting the nginx configuration to ' - 'file /etc/nginx/common/wpfc-php72.conf') - wo_nginx = open('/etc/nginx/common/wpfc-php72.conf', - encoding='utf-8', mode='w') - self.app.render((data), 'wpfc.mustache', - out=wo_nginx) - wo_nginx.close() + Log.debug(self, 'Writting the nginx configuration to ' + 'file /etc/nginx/common/wpfc-php72.conf') + wo_nginx = open('/etc/nginx/common/wpfc-php72.conf', + encoding='utf-8', mode='w') + self.app.render((data), 'wpfc.mustache', + out=wo_nginx) + wo_nginx.close() - Log.debug(self, 'Writting the nginx configuration to ' - 'file /etc/nginx/common/wpsc-php72.conf') - wo_nginx = open('/etc/nginx/common/wpsc-php72.conf', - encoding='utf-8', mode='w') - self.app.render((data), 'wpsc.mustache', - out=wo_nginx) - wo_nginx.close() + Log.debug(self, 'Writting the nginx configuration to ' + 'file /etc/nginx/common/wpsc-php72.conf') + wo_nginx = open('/etc/nginx/common/wpsc-php72.conf', + encoding='utf-8', mode='w') + self.app.render((data), 'wpsc.mustache', + out=wo_nginx) + wo_nginx.close() - Log.debug(self, 'Writting the nginx configuration to ' - 'file /etc/nginx/common/wpsubdir.conf') - wo_nginx = open('/etc/nginx/common/wpsubdir.conf', - encoding='utf-8', mode='w') - self.app.render((data), 'wpsubdir.mustache', - out=wo_nginx) - wo_nginx.close() + Log.debug(self, 'Writting the nginx configuration to ' + 'file /etc/nginx/common/wpsubdir.conf') + wo_nginx = open('/etc/nginx/common/wpsubdir.conf', + encoding='utf-8', mode='w') + self.app.render((data), 'wpsubdir.mustache', + out=wo_nginx) + wo_nginx.close() # php73 conf - if not os.path.isfile("/etc/nginx/common/php73.conf"): + if not os.path.isfile("/etc/nginx/common/php73.conf"): # data = dict() - Log.debug(self, 'Writting the nginx configuration to ' - 'file /etc/nginx/common/locations-php73.conf') - wo_nginx = open('/etc/nginx/common/locations-php73.conf', - encoding='utf-8', mode='w') - self.app.render((data), 'locations-php7.mustache', - out=wo_nginx) - wo_nginx.close() + Log.debug(self, 'Writting the nginx configuration to ' + 'file /etc/nginx/common/locations-php73.conf') + wo_nginx = open('/etc/nginx/common/locations-php73.conf', + encoding='utf-8', mode='w') + self.app.render((data), 'locations-php7.mustache', + out=wo_nginx) + wo_nginx.close() - Log.debug(self, 'Writting the nginx configuration to ' - 'file /etc/nginx/common/php73.conf') - wo_nginx = open('/etc/nginx/common/php73.conf', - encoding='utf-8', mode='w') - self.app.render((data), 'php7.mustache', - out=wo_nginx) - wo_nginx.close() + Log.debug(self, 'Writting the nginx configuration to ' + 'file /etc/nginx/common/php73.conf') + wo_nginx = open('/etc/nginx/common/php73.conf', + encoding='utf-8', mode='w') + self.app.render((data), 'php7.mustache', + out=wo_nginx) + wo_nginx.close() - Log.debug(self, 'Writting the nginx configuration to ' - 'file /etc/nginx/common/wpcommon-php73.conf') - wo_nginx = open('/etc/nginx/common/wpcommon-php73.conf', - encoding='utf-8', mode='w') - self.app.render((data), 'wpcommon-php7.mustache', - out=wo_nginx) - wo_nginx.close() + Log.debug(self, 'Writting the nginx configuration to ' + 'file /etc/nginx/common/wpcommon-php73.conf') + wo_nginx = open('/etc/nginx/common/wpcommon-php73.conf', + encoding='utf-8', mode='w') + self.app.render((data), 'wpcommon-php7.mustache', + out=wo_nginx) + wo_nginx.close() - Log.debug(self, 'Writting the nginx configuration to ' - 'file /etc/nginx/common/wpfc-php73.conf') - wo_nginx = open('/etc/nginx/common/wpfc-php73.conf', - encoding='utf-8', mode='w') - self.app.render((data), 'wpfc-php7.mustache', - out=wo_nginx) - wo_nginx.close() + Log.debug(self, 'Writting the nginx configuration to ' + 'file /etc/nginx/common/wpfc-php73.conf') + wo_nginx = open('/etc/nginx/common/wpfc-php73.conf', + encoding='utf-8', mode='w') + self.app.render((data), 'wpfc-php7.mustache', + out=wo_nginx) + wo_nginx.close() - Log.debug(self, 'Writting the nginx configuration to ' - 'file /etc/nginx/common/wpsc-php73.conf') - wo_nginx = open('/etc/nginx/common/wpsc-php73.conf', - encoding='utf-8', mode='w') - self.app.render((data), 'wpsc-php7.mustache', - out=wo_nginx) - wo_nginx.close() + Log.debug(self, 'Writting the nginx configuration to ' + 'file /etc/nginx/common/wpsc-php73.conf') + wo_nginx = open('/etc/nginx/common/wpsc-php73.conf', + encoding='utf-8', mode='w') + self.app.render((data), 'wpsc-php7.mustache', + out=wo_nginx) + wo_nginx.close() - Log.debug(self, 'Writting the nginx configuration to ' - 'file /etc/nginx/common/redis-php73.conf') - wo_nginx = open('/etc/nginx/common/redis-php73.conf', - encoding='utf-8', mode='w') - self.app.render((data), 'redis-php7.mustache', - out=wo_nginx) - wo_nginx.close() + Log.debug(self, 'Writting the nginx configuration to ' + 'file /etc/nginx/common/redis-php73.conf') + wo_nginx = open('/etc/nginx/common/redis-php73.conf', + encoding='utf-8', mode='w') + self.app.render((data), 'redis-php7.mustache', + out=wo_nginx) + wo_nginx.close() # Nginx-Plus does not have nginx # package structure like this From 02b5eebc376bbcca49571005621413b000fcf226 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Wed, 20 Mar 2019 03:17:41 +0100 Subject: [PATCH 06/20] fix typo --- wo/cli/plugins/stack.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wo/cli/plugins/stack.py b/wo/cli/plugins/stack.py index 27b0536..8b04c8d 100644 --- a/wo/cli/plugins/stack.py +++ b/wo/cli/plugins/stack.py @@ -876,7 +876,7 @@ class WOStackController(CementBaseController): # Parse /etc/php/7.3/fpm/pool.d/www.conf config = configparser.ConfigParser() - config.read_file(codecs.open('/ etc/php/7.3/fpm/' + config.read_file(codecs.open('/etc/php/7.3/fpm/' 'pool.d/www.conf', "r", "utf8")) config['www']['ping.path'] = '/ping' From 9c693724b53b2d40c94de8ad6a98a65e7077f867 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Wed, 20 Mar 2019 03:21:39 +0100 Subject: [PATCH 07/20] add load-balancing for php7.3 --- .travis.yml | 4 ++-- wo/cli/plugins/stack.py | 22 ++++++++++++++++++---- wo/cli/templates/upstream.mustache | 5 +++++ 3 files changed, 25 insertions(+), 6 deletions(-) diff --git a/.travis.yml b/.travis.yml index 89cdaf1..55e40ed 100644 --- a/.travis.yml +++ b/.travis.yml @@ -30,7 +30,7 @@ script: - sudo wo stack install --admin || sudo tail -n50 /var/log/wo/wordops.log - sudo wo site create html.net --html && sudo wo site create php.com --php && sudo wo site create mysql.com --mysql || sudo tail -n50 /var/log/wo/wordops.log - - sudo wo site create proxy.com --proxy=127.0.0.1:3000 + - sudo wo site create proxy.com --proxy=127.0.0.1:3000 || sudo tail -n50 /var/log/wo/wordops.log - sudo wo site create wp1.com --wp || sudo tail -n50 /var/log/wo/wordops.log - sudo wo site create wpsc1.net --wpsc && sudo wo site create wpfc1.com --wpfc || sudo tail -n50 /var/log/wo/wordops.log @@ -61,4 +61,4 @@ script: - sudo wp --allow-root --info - sudo bash -c 'nginx -T 2>&1 > /var/log/wo/nginx.log 2>&1' || sudo tail -n50 /var/log/wo/wordops.log - sudo bash -c 'tar -I pigz -cf wordops.tar.gz /var/log/wo' - - sudo curl --progress-bar --upload-file "wordops.tar.gz" https://transfer.sh/$(basename wordops.tar.gz) && echo "" || sudo echo "transfer.sh is down" + - sudo curl --progress-bar --upload-file "wordops.tar.gz" https://transfer.vtbox.net/$(basename wordops.tar.gz) && echo "" || sudo echo "transfer.sh is down" diff --git a/wo/cli/plugins/stack.py b/wo/cli/plugins/stack.py index 8b04c8d..f0fd43e 100644 --- a/wo/cli/plugins/stack.py +++ b/wo/cli/plugins/stack.py @@ -882,10 +882,10 @@ class WOStackController(CementBaseController): config['www']['ping.path'] = '/ping' config['www']['pm.status_path'] = '/status' config['www']['pm.max_requests'] = '1500' - config['www']['pm.max_children'] = '100' - config['www']['pm.start_servers'] = '20' - config['www']['pm.min_spare_servers'] = '10' - config['www']['pm.max_spare_servers'] = '30' + config['www']['pm.max_children'] = '50' + config['www']['pm.start_servers'] = '10' + config['www']['pm.min_spare_servers'] = '5' + config['www']['pm.max_spare_servers'] = '15' config['www']['request_terminate_timeout'] = '300' config['www']['pm'] = 'ondemand' config['www']['chdir'] = '/' @@ -897,6 +897,20 @@ class WOStackController(CementBaseController): Log.debug(self, "writting PHP 7.3 configuration into " "/etc/php/7.3/fpm/pool.d/www.conf") config.write(configfile) + + # Generate /etc/php/7.3/fpm/pool.d/www-two.conf + WOFileUtils.copyfile(self, "/etc/php/7.3/fpm/pool.d/www.conf", + "/etc/php/7.3/fpm/pool.d/www-two.conf") + WOFileUtils.searchreplace(self, "/etc/php/7.3/fpm/pool.d/" + "www-two.conf", "[www]", "[www-two]") + config = configparser.ConfigParser() + config.read('/etc/php/7.3/fpm/pool.d/www-two.conf') + config['www-two']['listen'] = 'php73-two-fpm.sock' + with open('/etc/php/7.3/fpm/pool.d/www-two.conf', + encoding='utf-8', mode='w') as confifile: + Log.debug(self, "writting PHP7.3 configuration into " + "/etc/php/7.3/fpm/pool.d/www-two.conf") + config.write(confifile) # Generate /etc/php/7.3/fpm/pool.d/debug.conf WOFileUtils.copyfile(self, "/etc/php/7.3/fpm/pool.d/www.conf", diff --git a/wo/cli/templates/upstream.mustache b/wo/cli/templates/upstream.mustache index 736a551..61019af 100644 --- a/wo/cli/templates/upstream.mustache +++ b/wo/cli/templates/upstream.mustache @@ -50,7 +50,12 @@ server 127.0.0.1:9172; # PHP 7.3 upstream with load-balancing on two unix sockets upstream php73 { + least_conn; + server unix:/var/run/php/php73-fpm.sock; + server unix:/var/run/php/php73-two-fpm.sock; + + keepalive 5; } # PHP 7.3 debug From fa8fadcb5231c7f9d190a38af8d47d8c477a7dc2 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Wed, 20 Mar 2019 04:47:00 +0100 Subject: [PATCH 08/20] fix webroot in 22222 --- wo/cli/plugins/stack.py | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/wo/cli/plugins/stack.py b/wo/cli/plugins/stack.py index f0fd43e..36b0e81 100644 --- a/wo/cli/plugins/stack.py +++ b/wo/cli/plugins/stack.py @@ -373,21 +373,21 @@ class WOStackController(CementBaseController): # Nginx-Plus does not have nginx # package structure like this # So creating directories - if (set(["nginx-plus"]).issubset(set(apt_packages)) or - set(["nginx"]).issubset(set(apt_packages))): - Log.info(self, - "Installing WordOpsConfigurations for" "NGINX") - if not os.path.exists('/etc/nginx/sites-available'): - Log.debug(self, 'Creating directory' - '/etc/nginx/sites-available') - os.makedirs('/etc/nginx/sites-available') + if (set(["nginx"]).issubset(set(apt_packages))): + Log.info(self, + "Installing WordOpsConfigurations for" "NGINX") + if not os.path.exists('/etc/nginx/sites-available'): + Log.debug(self, 'Creating directory' + '/etc/nginx/sites-available') + os.makedirs('/etc/nginx/sites-available') - if not os.path.exists('/etc/nginx/sites-enabled'): - Log.debug(self, 'Creating directory' - '/etc/nginx/sites-available') - os.makedirs('/etc/nginx/sites-enabled') + if not os.path.exists('/etc/nginx/sites-enabled'): + Log.debug(self, 'Creating directory' + '/etc/nginx/sites-available') + os.makedirs('/etc/nginx/sites-enabled') # 22222 port settings + data = dict(webroot=WOVariables.wo_webroot) Log.debug(self, 'Writting the nginx configuration to ' 'file /etc/nginx/sites-available/' '22222') @@ -897,7 +897,7 @@ class WOStackController(CementBaseController): Log.debug(self, "writting PHP 7.3 configuration into " "/etc/php/7.3/fpm/pool.d/www.conf") config.write(configfile) - + # Generate /etc/php/7.3/fpm/pool.d/www-two.conf WOFileUtils.copyfile(self, "/etc/php/7.3/fpm/pool.d/www.conf", "/etc/php/7.3/fpm/pool.d/www-two.conf") From 8618b32f29395f73a0f18553f4a1ea67fa5cdbf9 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Wed, 20 Mar 2019 12:55:26 +0100 Subject: [PATCH 09/20] fix wo info --- wo/cli/plugins/clean.py | 19 ++++++++------- wo/cli/plugins/info.py | 13 ++++++----- wo/cli/plugins/log.py | 40 ++++++++++++++++---------------- wo/cli/plugins/site.py | 2 +- wo/cli/plugins/site_functions.py | 26 ++++++++++----------- 5 files changed, 51 insertions(+), 49 deletions(-) diff --git a/wo/cli/plugins/clean.py b/wo/cli/plugins/clean.py index b94e5f8..6400c13 100644 --- a/wo/cli/plugins/clean.py +++ b/wo/cli/plugins/clean.py @@ -19,7 +19,8 @@ class WOCleanController(CementBaseController): label = 'clean' stacked_on = 'base' stacked_type = 'nested' - description = ('Clean NGINX FastCGI cache, Opcache, Memcached, Redis Cache') + description = ( + 'Clean NGINX FastCGI cache, Opcache, Memcached, Redis Cache') arguments = [ (['--all'], dict(help='Clean all cache', action='store_true')), @@ -31,7 +32,7 @@ class WOCleanController(CementBaseController): dict(help='Clean OpCache', action='store_true')), (['--redis'], dict(help='Clean Redis Cache', action='store_true')), - ] + ] usage = "wo clean [options]" @expose(hide=True) @@ -90,13 +91,13 @@ class WOCleanController(CementBaseController): wp = urllib.request.urlopen(" https://127.0.0.1:22222/cache" "/opcache/opgui.php?page=reset").read() except Exception as e: - Log.debug(self, "{0}".format(e)) - Log.debug(self, "Unable hit url, " - " https://127.0.0.1:22222/cache/opcache/opgui.php?page=reset," - " please check you have admin tools installed") - Log.debug(self, "please check you have admin tools installed," - " or install them with `wo stack install --admin`") - Log.error(self, "Unable to clean opcache", False) + Log.debug(self, "{0}".format(e)) + Log.debug(self, "Unable hit url, " + " https://127.0.0.1:22222/cache/opcache/opgui.php?page=reset," + " please check you have admin tools installed") + Log.debug(self, "please check you have admin tools installed," + " or install them with `wo stack install --admin`") + Log.error(self, "Unable to clean opcache", False) def load(app): diff --git a/wo/cli/plugins/info.py b/wo/cli/plugins/info.py index 16309a3..467334a 100644 --- a/wo/cli/plugins/info.py +++ b/wo/cli/plugins/info.py @@ -41,9 +41,9 @@ class WOInfoController(CementBaseController): @expose(hide=True) def info_nginx(self): """Display Nginx information""" - version = os.popen("nginx -v 2>&1 | cut -d':' -f2 | cut -d' ' -f2 | " - "cut -d'/' -f2 | tr -d '\n'").read() - allow = os.popen("grep ^allow /etc/nginx/common/acl.conf | " + version = os.popen("nginx -v 2 > &1 | awk - F '/' '{print $2}' | '" + "awk -F ' ' '{print $1}'").read() + allow = os.popen("grep allow /etc/nginx/common/acl.conf | " "cut -d' ' -f2 | cut -d';' -f1 | tr '\n' ' '").read() nc = NginxConfig() nc.loadf('/etc/nginx/nginx.conf') @@ -242,8 +242,8 @@ class WOInfoController(CementBaseController): @expose(hide=True) def default(self): """default function for info""" - if (not self.app.pargs.nginx and not self.app.pargs.php - and not self.app.pargs.mysql and not self.app.pargs.php73): + if (not self.app.pargs.nginx and not self.app.pargs.php and + not self.app.pargs.mysql and not self.app.pargs.php73): self.app.pargs.nginx = True self.app.pargs.php = True self.app.pargs.mysql = True @@ -251,7 +251,8 @@ class WOInfoController(CementBaseController): self.app.pargs.php73 = True if self.app.pargs.nginx: - if WOAptGet.is_installed(self, 'nginx-custom') or WOAptGet.is_installed(self, 'nginx-common'): + if (WOAptGet.is_installed(self, 'nginx-custom') or + WOAptGet.is_installed(self, 'nginx-common')): self.info_nginx() else: Log.error(self, "Nginx is not installed") diff --git a/wo/cli/plugins/log.py b/wo/cli/plugins/log.py index 6ee45c0..5f7436f 100644 --- a/wo/cli/plugins/log.py +++ b/wo/cli/plugins/log.py @@ -196,20 +196,20 @@ class WOLogResetController(CementBaseController): if self.app.pargs.php: self.app.pargs.nginx = True - if ((not self.app.pargs.nginx) and (not self.app.pargs.fpm) - and (not self.app.pargs.mysql) and (not self.app.pargs.access) - and (not self.app.pargs.wp) and (not self.app.pargs.site_name) - and (not self.app.pargs.slow_log_db)): + if ((not self.app.pargs.nginx) and (not self.app.pargs.fpm) and + (not self.app.pargs.mysql) and (not self.app.pargs.access) and + (not self.app.pargs.wp) and (not self.app.pargs.site_name) and + (not self.app.pargs.slow_log_db)): self.app.pargs.nginx = True self.app.pargs.fpm = True self.app.pargs.mysql = True self.app.pargs.access = True self.app.pargs.slow_log_db = True - if ((not self.app.pargs.nginx) and (not self.app.pargs.fpm) - and (not self.app.pargs.mysql) and (not self.app.pargs.access) - and (not self.app.pargs.wp) and (self.app.pargs.site_name) - and (not self.app.pargs.slow-log-db)): + if ((not self.app.pargs.nginx) and (not self.app.pargs.fpm) and + (not self.app.pargs.mysql) and (not self.app.pargs.access) and + (not self.app.pargs.wp) and (self.app.pargs.site_name) and + (not self.app.pargs.slow-log-db)): self.app.pargs.nginx = True self.app.pargs.wp = True self.app.pargs.access = True @@ -335,17 +335,17 @@ class WOLogGzipController(CementBaseController): if self.app.pargs.php: self.app.pargs.nginx = True - if ((not self.app.pargs.nginx) and (not self.app.pargs.fpm) - and (not self.app.pargs.mysql) and (not self.app.pargs.access) - and (not self.app.pargs.wp) and (not self.app.pargs.site_name)): + if ((not self.app.pargs.nginx) and (not self.app.pargs.fpm) and + (not self.app.pargs.mysql) and (not self.app.pargs.access) and + (not self.app.pargs.wp) and (not self.app.pargs.site_name)): self.app.pargs.nginx = True self.app.pargs.fpm = True self.app.pargs.mysql = True self.app.pargs.access = True - if ((not self.app.pargs.nginx) and (not self.app.pargs.fpm) - and (not self.app.pargs.mysql) and (not self.app.pargs.access) - and (not self.app.pargs.wp) and (self.app.pargs.site_name)): + if ((not self.app.pargs.nginx) and (not self.app.pargs.fpm) and + (not self.app.pargs.mysql) and (not self.app.pargs.access) and + (not self.app.pargs.wp) and (self.app.pargs.site_name)): self.app.pargs.nginx = True self.app.pargs.wp = True self.app.pargs.access = True @@ -472,17 +472,17 @@ class WOLogMailController(CementBaseController): if self.app.pargs.php: self.app.pargs.nginx = True - if ((not self.app.pargs.nginx) and (not self.app.pargs.fpm) - and (not self.app.pargs.mysql) and (not self.app.pargs.access) - and (not self.app.pargs.wp) and (not self.app.pargs.site_name)): + if ((not self.app.pargs.nginx) and (not self.app.pargs.fpm) and + (not self.app.pargs.mysql) and (not self.app.pargs.access) and + (not self.app.pargs.wp) and (not self.app.pargs.site_name)): self.app.pargs.nginx = True self.app.pargs.fpm = True self.app.pargs.mysql = True self.app.pargs.access = True - if ((not self.app.pargs.nginx) and (not self.app.pargs.fpm) - and (not self.app.pargs.mysql) and (not self.app.pargs.access) - and (not self.app.pargs.wp) and (self.app.pargs.site_name)): + if ((not self.app.pargs.nginx) and (not self.app.pargs.fpm) and + (not self.app.pargs.mysql) and (not self.app.pargs.access) and + (not self.app.pargs.wp) and (self.app.pargs.site_name)): self.app.pargs.nginx = True self.app.pargs.wp = True self.app.pargs.access = True diff --git a/wo/cli/plugins/site.py b/wo/cli/plugins/site.py index 36bee17..92dcf5f 100644 --- a/wo/cli/plugins/site.py +++ b/wo/cli/plugins/site.py @@ -1099,7 +1099,7 @@ class WOSiteUpdateController(CementBaseController): else: data['letsencrypt'] = True letsencrypt = True - wildcard = True + wildcard = False if pargs.wpredis and data['currcachetype'] != 'wpredis': data['wpredis'] = True diff --git a/wo/cli/plugins/site_functions.py b/wo/cli/plugins/site_functions.py index 9f0c781..05c90b4 100644 --- a/wo/cli/plugins/site_functions.py +++ b/wo/cli/plugins/site_functions.py @@ -1194,9 +1194,9 @@ def doCleanupAction(self, domain='', webroot='', dbname='', dbuser='', raise SiteError("dbhost not provided") deleteDB(self, dbname, dbuser, dbhost) + + # setup letsencrypt for domain + www.domain - - def setupLetsEncrypt(self, wo_domain_name): if os.path.isfile("/etc/letsencrypt/renewal/{0}_ecc/{0}.conf" @@ -1450,16 +1450,16 @@ def archivedCertificateHandle(self, domain): "certificate for your site.\nIt may take a " "few minutes depending on your network.") ssl = WOShellExec.cmd_exec(self, "mkdir -p {0}/{1} && " - "/etc/letsencrypt/acme.sh " - "--config-home " - "'/etc/letsencrypt/config' " - "--install-cert -d {1} --ecc " - "--cert-file {0}/{1}/cert.pem " - "--key-file {0}/{1}/key.pem " - "--fullchain-file " - "{0}/{1}/fullchain.pem " - "--reloadcmd " - "\"service nginx restart\" " + "/etc/letsencrypt/acme.sh " + "--config-home " + "'/etc/letsencrypt/config' " + "--install-cert -d {1} --ecc " + "--cert-file {0}/{1}/cert.pem " + "--key-file {0}/{1}/key.pem " + "--fullchain-file " + "{0}/{1}/fullchain.pem " + "--reloadcmd " + "\"service nginx restart\" " .format(WOVariables.wo_ssl_live, domain)) if ssl: @@ -1511,7 +1511,7 @@ def archivedCertificateHandle(self, domain): "--force" .format(domain)) - if issuessl: + if ssl: try: From 644d86b33bf256bfd9436c48e1eec9e85bd21188 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Wed, 20 Mar 2019 21:59:56 +0100 Subject: [PATCH 10/20] update migration script --- install | 262 ++++++++++++++++--------------- wo/cli/plugins/site_functions.py | 15 +- wo/cli/plugins/stack.py | 42 +++-- 3 files changed, 159 insertions(+), 160 deletions(-) diff --git a/install b/install index 0e3814f..f289f30 100644 --- a/install +++ b/install @@ -10,7 +10,7 @@ # Version 3.9.4 - 2019-03-15 # ------------------------------------------------------------------------- readonly wo_version_old="2.2.3" -readonly wo_version_new="3.9.4.1" +readonly wo_version_new="3.9.4.2" # CONTENTS # --- # 1. VARIABLES AND DECLARATIONS @@ -28,19 +28,19 @@ TPUT_INFO=$(tput setaf 7) TPUT_ECHO=$(tput setaf 4) wo_lib_echo () { - - echo "${*}${TPUT_RESET}" + + echo "${TPUT_ECHO}${*}${TPUT_RESET}" } wo_lib_echo_info() { - + echo "${TPUT_INFO}${*}${TPUT_RESET}" } wo_lib_echo_fail() { - + echo "${TPUT_FAIL}${*}${TPUT_RESET}" } @@ -71,7 +71,7 @@ echo "" # 1- Update the apt sewers with fresh info ### wo_lib_echo "Updating apt-get repository info" -apt-get update &>> /dev/null +apt-get update -qq &>> /dev/null ### # 1- Check whether lsb_release is installed, and if not, install it @@ -91,7 +91,7 @@ readonly wo_linux_distro=$(lsb_release -is) readonly wo_distro_version=$(lsb_release -sc) readonly wo_distro_id=$(lsb_release -rs) -if [ -x /usr/loca/bin/ee ]; then +if [ -x /usr/local/bin/ee ]; then migration=1 else migration=0 @@ -116,13 +116,13 @@ fi ### # 1 - To prevent errors or unexpected behaviour, create the log and ACL it ### -if [ ! -d $wo_log_dir ]; then - +if [ ! -d "$wo_log_dir" ]; then + wo_lib_echo "Creating WordOps log directory, just a second..." - mkdir -p $wo_log_dir || wo_lib_error "Whoops - seems we are unable to create the log directory $wo_log_dir, exit status " $? - + mkdir -p "$wo_log_dir" || wo_lib_error "Whoops - seems we are unable to create the log directory $wo_log_dir, exit status " $? + touch /var/log/wo/{wordops.log,install.log} - + chmod -R 700 /var/log/wo || wo_lib_error "Whoops, there was an error setting the permissions on the WordOps log folder, exit status " $? fi @@ -131,15 +131,15 @@ fi #### wo_install_dep() { - + { if [ "$wo_linux_distro" == "Ubuntu" ]; then - DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::="--force-confmiss" -o Dpkg::Options::="--force-confold" -y install build-essential curl gzip python3 python3-apt python3-setuptools python3-dev sqlite3 git tar software-properties-common pigz gnupg2 fail2ban cron ccze > /dev/null 2>&1 + DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::="--force-confmiss" -o Dpkg::Options::="--force-confold" -y install build-essential curl gzip python3 python3-apt python3-setuptools python3-dev sqlite3 git tar software-properties-common pigz gnupg2 fail2ban cron ccze rsync tree > /dev/null 2>&1 else wget -qO /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg - DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::="--force-confmiss" -o Dpkg::Options::="--force-confold" -y install build-essential curl gzip dirmngr sudo python3 python3-apt python3-setuptools python3-dev ca-certificates sqlite3 git tar software-properties-common pigz apt-transport-https gnupg2 fail2ban cron ccze > /dev/null 2>&1 + DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::="--force-confmiss" -o Dpkg::Options::="--force-confold" -y install build-essential curl gzip dirmngr sudo python3 python3-apt python3-setuptools python3-dev ca-certificates sqlite3 git tar software-properties-common pigz apt-transport-https gnupg2 fail2ban cron ccze rsync tree > /dev/null 2>&1 fi - + locale-gen en } >> /var/log/wo/install.log 2>&1 # Support PFS @@ -150,7 +150,7 @@ wo_install_dep() # Change the TLS protocols sed -i "s/ssl_protocols\ \(.*\);/ssl_protocols TLSv1.2;/" /etc/nginx/nginx.conf fi - + # Let's Encrypt .well-known folder setup if [ ! -d /var/www/html/.well-known/acme-challenge ]; then mkdir -p /var/www/html/.well-known/acme-challenge @@ -169,23 +169,23 @@ wo_sync_db() if [ -f /var/lib/ee/ee.db ]; then # Create the WordOps folder mkdir -p /var/lib/wo - + # Backup the nginx directory tar -cvf - /etc/nginx /etc/ee /var/lib/ee | pigz -9 > /var/lib/wo/ee-backup.tgz - + # Copy the EasyEngine database cp /var/lib/ee/ee.db /var/lib/wo/dbase-ee.db - + # Set the migration variable for the closing text migration=1 - + ### # Clean WO installation ### elif [ ! -d /var/lib/wo ]; then # Create the directory holding the WordOps database mkdir -p /var/lib/wo - + # Create an empty database for WordOps echo "CREATE TABLE sites ( id INTEGER PRIMARY KEY AUTOINCREMENT, @@ -205,12 +205,12 @@ wo_sync_db() is_hhvm INT INT DEFAULT '0', php_version VARCHAR );" | sqlite3 /var/lib/wo/dbase.db - + if [ -f /var/lib/wo/dbase-ee.db ]; then # Copy the main EasyEngine database over since we are migrating cp /var/lib/wo/dbase-ee.db /var/lib/wo/dbase.db fi - + # Check site is enable/live or disable cd /etc/nginx/sites-available || exit 1 for site in $(echo \* | grep -v default); @@ -220,10 +220,10 @@ wo_sync_db() else wo_site_status='0' fi - + # Acquire information about the current nginx configuration wo_site_current_type=$(head -n1 "/etc/nginx/sites-available/$site" | grep "NGINX CONFIGURATION" | rev | cut -d' ' -f3,4,5,6,7 | rev | cut -d ' ' -f2,3,4,5) - + # Sniff out the vhost type and cache configuration if [ "$wo_site_current_type" = "HTML" ]; then wo_site_current="html" @@ -234,7 +234,7 @@ wo_sync_db() elif [ "$wo_site_current_type" = "MYSQL" ]; then wo_site_current="mysql" wo_site_current_cache="basic" - + # Caching types on a single WordPress installation elif [ "$wo_site_current_type" = "WPSINGLE BASIC" ]; then wo_site_current="wp" @@ -245,7 +245,7 @@ wo_sync_db() elif [ "$wo_site_current_type" = "WPSINGLE FAST CGI" ] || [ "$wo_site_current_type" = "WPSINGLE FASTCGI" ]; then wo_site_current="wp" wo_site_current_cache="wpfc" - + # Caching types on a single, subdirectory WordPress installation elif [ "$wo_site_current_type" = "WPSUBDIR BASIC" ]; then wo_site_current="wpsubdir" @@ -256,7 +256,7 @@ wo_sync_db() elif [ "$wo_site_current_type" = "WPSUBDIR FAST CGI" ] || [ "$wo_site_current_type" = "WPSUBDIR FASTCGI" ]; then wo_site_current="wpsubdir" wo_site_current_cache="wpfc" - + # Caching types on a single, subdomain WordPress installation elif [ "$wo_site_current_type" = "WPSUBDOMAIN BASIC" ]; then wo_site_current="wpsubdomain" @@ -268,9 +268,9 @@ wo_sync_db() wo_site_current="wpsubdomain" wo_site_current_cache="wpfc" fi - + wo_webroot="/var/www/$site" - + # Import the configuration into the WordOps SQLite database echo "INSERT INTO sites (sitename, site_type, cache_type, site_path, is_enabled, is_ssl, storage_fs, storage_db) VALUES (\"$site\", \"$wo_site_current\", \"$wo_site_current_cache\", \"$wo_webroot\", \"$wo_site_status\", 0, 'ext4', 'mysql');" | sqlite3 /var/lib/wo/dbase.db @@ -285,22 +285,22 @@ wo_sync_db() echo "ALTER TABLE sites ADD COLUMN is_hhvm INT DEFAULT '0';" | sqlite3 /var/lib/wo/dbase.db echo "ALTER TABLE sites ADD COLUMN php_version varchar DEFAULT \"$wo_php_version\";" | sqlite3 /var/lib/wo/dbase.db fi - - + + echo "UPDATE sites SET php_version = REPLACE(php_version, '5.6', '7.2');" | sqlite3 /var/lib/wo/dbase.db echo "UPDATE sites SET php_version = REPLACE(php_version, '7.0', '7.3');" | sqlite3 /var/lib/wo/dbase.db - + } # Once again, set the proper ACL on the WordOps configuration directory secure_wo_db() { - + # The owner is root chown -R root:root /var/lib/wo/ # Only allow access by root, block others chmod -R 600 /var/lib/wo/ - + } # Update the WP-CLI version @@ -350,13 +350,13 @@ wo_install_acme_sh() { --cert-home /etc/letsencrypt/renewal # enable auto-upgrade /etc/letsencrypt/acme.sh --config-home /etc/letsencrypt/config --upgrade --auto-upgrade - + # Let's Encrypt .well-known folder setup if [ ! -d /var/www/html/.well-known/acme-challenge ]; then mkdir -p /var/www/html/.well-known/acme-challenge chown -R www-data:www-data /var/www/html /var/www/html/.well-known fi - + } >> /var/log/wo/install.log 2>&1 fi } @@ -367,91 +367,104 @@ wo_install() { rm -rf /tmp/easyengine rm -rf /tmp/wordops - + [ -z "$wo_branch" ] && { wo_branch=master } - + git clone -b "$wo_branch" https://github.com/WordOps/WordOps.git /tmp/wordops --quiet - + cd /tmp/wordops || exit 1 } >> /var/log/wo/install.log 2>&1; python3 setup.py install - - + + } wo_upgrade_nginx() { - # chec if the package nginx-ee is installed - CHECK_NGINX_EE=$(dpkg --list | grep nginx-ee) - CHECK_NGINX_VERSION=$(/usr/sbin/nginx -v 2>&1 | awk -F "/" '{print $2}' | grep 1.15) - if [ -n "$CHECK_NGINX_EE" ]; then - { - # add new Nginx repository - if [ "$wo_linux_distro" = "Ubuntu" ]; then - echo "deb http://download.opensuse.org/repositories/home:/virtubox:/WordOps/xUbuntu_${wo_distro_id}/ /" >> /etc/apt/sources.list.d/wo-repo.list - wget -qO /tmp/nginx-wo.key "https://download.opensuse.org/repositories/home:virtubox:WordOps/xUbuntu_${wo_distro_id}/Release.key" + + { + # create backup directory + mkdir -p /var/lib/wo/backup + + # backup all sites available + /usr/bin/rsync -az /etc/nginx/ /var/lib/wo/backup/nginx/ + + # chec if the package nginx-ee is installed + CHECK_NGINX_EE=$(dpkg --list | grep nginx-ee) + CHECK_NGINX_WO=$(dpkg --list | grep nginx-wo) + CHECK_PHP72=$(dpkg --list | grep php7.2-fpm) + CHECK_PHP73=$(dpkg --list | grep php7.3-fpm) + + # add new Nginx repository + if [ "$wo_linux_distro" = "Ubuntu" ]; then + echo "deb http://download.opensuse.org/repositories/home:/virtubox:/WordOps/xUbuntu_${wo_distro_id}/ /" >> /etc/apt/sources.list.d/wo-repo.list + wget -qO /tmp/nginx-wo.key "https://download.opensuse.org/repositories/home:virtubox:WordOps/xUbuntu_${wo_distro_id}/Release.key" + else + if [ "$wo_distro_version" == "jessie" ]; then + echo "deb http://download.opensuse.org/repositories/home:/virtubox:/WordOps/Debian_8.0/ /" >> /etc/apt/sources.list.d/wo-repo.list + wget -qO /tmp/nginx-wo.key https://download.opensuse.org/repositories/home:virtubox:WordOps/Debian_8.0/Release.key else - if [ "$wo_distro_version" == "jessie" ]; then - echo "deb http://download.opensuse.org/repositories/home:/virtubox:/WordOps/Debian_8.0/ /" >> /etc/apt/sources.list.d/wo-repo.list - wget -qO /tmp/nginx-wo.key https://download.opensuse.org/repositories/home:virtubox:WordOps/Debian_8.0/Release.key - else - echo "deb http://download.opensuse.org/repositories/home:/virtubox:/WordOps/Debian_9.0/ /" >> /etc/apt/sources.list.d/wo-repo.list - wget -qO /tmp/nginx-wo.key https://download.opensuse.org/repositories/home:virtubox:WordOps/Debian_9.0/Release.key - fi + echo "deb http://download.opensuse.org/repositories/home:/virtubox:/WordOps/Debian_9.0/ /" >> /etc/apt/sources.list.d/wo-repo.list + wget -qO /tmp/nginx-wo.key https://download.opensuse.org/repositories/home:virtubox:WordOps/Debian_9.0/Release.key fi - # prevent apt preference to block install - [ -f /etc/apt/preferences.d/nginx-block ] && { - mv /etc/apt/preferences.d/nginx-block "$HOME/nginx-block" - } - # import the respository key for updates - apt-key add - < /tmp/nginx-wo.key - rm -f /tmp/nginx-wo.key - sudo apt-get update - # stop nginx - service nginx stop - + fi + # prevent apt preference to block install + [ -f /etc/apt/preferences.d/nginx-block ] && { + mv /etc/apt/preferences.d/nginx-block "$HOME/nginx-block" + } + # import the respository key for updates + apt-key add - < /tmp/nginx-wo.key + rm -f /tmp/nginx-wo.key + sudo apt-get update + # stop nginx + service nginx stop + + if [ -n "$CHECK_NGINX_EE" ]; then # remove previous package apt-mark unhold nginx-ee nginx-common nginx-custom - apt-get -y -qq autoremove nginx-ee nginx-common nginx-custom - # install new nginx package - if [ -x /usr/local/bin/wo ]; then - # backup nginx conf - cd /etc || exit 1 - tar -I pigz -cf backup-nginx.tar.gz nginx - cd || exit 1 - rm -f /etc/nginx/conf.d/{upstream.conf,redis.conf,fastcgi.conf} - rm -f /etc/nginx/common/{php72.conf,php73.conf,wpcommon-php72.conf,wpcommon-php73.conf,locations-php72.conf,locations-php73.conf,redis-php72.conf,redis-php73.conf,wpfc-php72.conf,wpfc-php73.conf,wpsc-php72.conf,wpsc-php73.conf} - rm -f /etc/nginx/*.default - /usr/local/bin/wo stack install - else - DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::="--force-confmiss" -o Dpkg::Options::="--force-confnew" -y install nginx-custom nginx-wo - fi - # set back apt preference - [ -f "$HOME/nginx-block" ] && { - mv "$HOME/nginx-block" /etc/apt/preferences.d/nginx-block - } - # update nginx headers and ssl_ciphers - if [ -f /etc/nginx/nginx.conf ]; then - sed -i "s/.*X-Powered-By.*/\tadd_header X-Powered-By \"WordOps $wo_version_new\";/" /etc/nginx/nginx.conf &>> /dev/null - new_ciphers="EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES" - sed -i "s/ssl_ciphers\ \(\"\|.\|'\)\(.*\)\(\"\|.\|'\);/ssl_ciphers \"$new_ciphers\";/" /etc/nginx/nginx.conf - fi - # update redis.conf headers - if [ -f /etc/nginx/common/redis.conf ]; then - sed -i "s/X-Cache /X-SRCache-Fetch-Status /g" /etc/nginx/common/redis.conf &>> /dev/null - sed -i "s/X-Cache-2 /X-SRCache-Store-Status /g" /etc/nginx/common/redis.conf &>> /dev/null - fi - systemctl enable nginx - systemctl restart nginx - } >> /var/log/wo/install.log 2>&1 - fi + apt-get -y -qq autoremove nginx-ee nginx-common nginx-custom --purge + elif [ -n "$CHECK_NGINX_WO" ]; then + apt-mark unhold nginx-wo nginx-common nginx-custom + apt-get -y -qq autoremove nginx-wo nginx-common nginx-custom --purge + fi + # remove previous php-fpm pool configuration + if [ -n "$CHECK_PHP72" ]; then + apt-get remove php7.2-fpm -y -qq --purge + rm -f /etc/php/7.2/fpm/pool.d/* + fi + if [ -n "$CHECK_PHP73" ]; then + apt-get remove php7.3-fpm -y -qq --purge + rm -f /etc/php/7.3/fpm/pool.d/* + fi + + # install new nginx package + if [ -x /usr/local/bin/wo ]; then + /usr/local/bin/wo stack install --nginx --php --php73 + fi + + # restore sites and configuration + /usr/bin/rsync -auz /var/lib/wo/backup/nginx/ /etc/nginx/ + + # set back apt preference + [ -f "$HOME/nginx-block" ] && { + mv "$HOME/nginx-block" /etc/apt/preferences.d/nginx-block + } + # update redis.conf headers + if [ -f /etc/nginx/common/redis.conf ]; then + sed -i "s/X-Cache /X-SRCache-Fetch-Status /g" /etc/nginx/common/redis.conf &>> /dev/null + sed -i "s/X-Cache-2 /X-SRCache-Store-Status /g" /etc/nginx/common/redis.conf &>> /dev/null + fi + systemctl enable nginx + systemctl restart nginx + } >> /var/log/wo/install.log 2>&1 + } wo_update_latest() { - + if [ -f /etc/nginx/fastcgi_params ] then grep -q 'HTTP_PROXY' /etc/nginx/fastcgi_params @@ -461,7 +474,7 @@ wo_update_latest() service nginx restart &>> /dev/null fi fi - + if [ -f /etc/ImageMagick/policy.xml ] then if [ ! -f /etc/ImageMagick/patch.txt ] @@ -470,40 +483,33 @@ wo_update_latest() sed -i '//r /etc/ImageMagick/patch.txt' /etc/ImageMagick/policy.xml fi fi - + # Move ~/.my.cnf to /etc/mysql/conf.d/my.cnf - if [ ! -f /etc/mysql/conf.d/my.cnf ] - then + if [ ! -f /etc/mysql/conf.d/my.cnf ]; then # create conf.d folder if not exist - if [ ! -d /etc/mysql/conf.d ]; then + [ ! -d /etc/mysql/conf.d ] && { mkdir -p /etc/mysql/conf.d chmod 755 /etc/mysql/conf.d - fi - if [ -d /etc/mysql/conf.d ] - then - if [ -f ~/.my.cnf ] - then - cp ~/.my.cnf /etc/mysql/conf.d/my.cnf &>> /dev/null - chmod 600 /etc/mysql/conf.d/my.cnf - else - if [ -f /root/.my.cnf ] - then - cp /root/.my.cnf /etc/mysql/conf.d/my.cnf &>> /dev/null - chmod 600 /etc/mysql/conf.d/my.cnf - else - wo_lib_echo_fail ".my.cnf cannot be located in your current user or root folder..." - fi - fi + } + if [ -f $HOME/.my.cnf ]; then + cp ~/.my.cnf /etc/mysql/conf.d/my.cnf &>> /dev/null + chmod 600 /etc/mysql/conf.d/my.cnf + + elif [ -f /root/.my.cnf ]; then + cp /root/.my.cnf /etc/mysql/conf.d/my.cnf &>> /dev/null + chmod 600 /etc/mysql/conf.d/my.cnf + else + wo_lib_echo_fail ".my.cnf cannot be located in your current user or root folder..." fi fi - + # Fix WordPress example.html issue # Ref: http://wptavern.com/xss-vulnerability-in-jetpack-and-the-twenty-fifteen-default-theme-affects-millions-of-wordpress-users dpkg --get-selections | grep -v deinstall | grep nginx &>> /dev/null if [ $? -eq 0 ]; then cp /usr/lib/wo/templates/locations.mustache /etc/nginx/common/locations-php72.conf &>> /dev/null fi - + # Fix Redis-server security issue # http://redis.io/topics/security if [ -f /etc/redis/redis.conf ]; then @@ -513,7 +519,7 @@ wo_update_latest() service redis-server restart &>> /dev/null fi fi - + } # Do git intialisation diff --git a/wo/cli/plugins/site_functions.py b/wo/cli/plugins/site_functions.py index 05c90b4..f15401b 100644 --- a/wo/cli/plugins/site_functions.py +++ b/wo/cli/plugins/site_functions.py @@ -294,14 +294,14 @@ def setupwordpress(self, data): if not data['multisite']: Log.debug(self, "Generating wp-config for WordPress Single site") Log.debug(self, "bash -c \"php {0} --allow-root " - .format(WOVariables.wo_wpcli_path) - + "core config " - + "--dbname=\'{0}\' --dbprefix=\'{1}\' --dbuser=\'{2}\' " + .format(WOVariables.wo_wpcli_path) + + "core config " + + "--dbname=\'{0}\' --dbprefix=\'{1}\' --dbuser=\'{2}\' " "--dbhost=\'{3}\' " .format(data['wo_db_name'], wo_wp_prefix, - data['wo_db_user'], data['wo_db_host']) - + "--dbpass=\'{0}\' " - "--extra-php< Date: Wed, 20 Mar 2019 22:20:53 +0100 Subject: [PATCH 11/20] adding concatenate script --- wo/cli/plugins/site_functions.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/wo/cli/plugins/site_functions.py b/wo/cli/plugins/site_functions.py index f15401b..25db7b0 100644 --- a/wo/cli/plugins/site_functions.py +++ b/wo/cli/plugins/site_functions.py @@ -301,10 +301,8 @@ def setupwordpress(self, data): .format(data['wo_db_name'], wo_wp_prefix, data['wo_db_user'], data['wo_db_host']) + "--dbpass=\'{0}\' " - "--extra-php< Date: Thu, 21 Mar 2019 17:27:51 +0100 Subject: [PATCH 12/20] fix opcache settings --- wo/cli/plugins/site_functions.py | 4 +--- wo/cli/plugins/stack.py | 12 +++++++----- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/wo/cli/plugins/site_functions.py b/wo/cli/plugins/site_functions.py index 25db7b0..98e8855 100644 --- a/wo/cli/plugins/site_functions.py +++ b/wo/cli/plugins/site_functions.py @@ -314,11 +314,9 @@ def setupwordpress(self, data): data['wo_db_user'], data['wo_db_host'] ) + "--dbpass=\'{0}\' " - "--extra-php< Date: Fri, 22 Mar 2019 03:52:21 +0100 Subject: [PATCH 13/20] fixed hash_bucket_size error after migration --- install | 73 +++++++++++++++++++++++++++++++++++++-------------------- 1 file changed, 48 insertions(+), 25 deletions(-) diff --git a/install b/install index f289f30..d1b0ac4 100644 --- a/install +++ b/install @@ -27,6 +27,7 @@ TPUT_FAIL=$(tput setaf 1) TPUT_INFO=$(tput setaf 7) TPUT_ECHO=$(tput setaf 4) + wo_lib_echo () { echo "${TPUT_ECHO}${*}${TPUT_RESET}" @@ -447,17 +448,32 @@ wo_upgrade_nginx() # restore sites and configuration /usr/bin/rsync -auz /var/lib/wo/backup/nginx/ /etc/nginx/ - # set back apt preference - [ -f "$HOME/nginx-block" ] && { - mv "$HOME/nginx-block" /etc/apt/preferences.d/nginx-block - } # update redis.conf headers if [ -f /etc/nginx/common/redis.conf ]; then sed -i "s/X-Cache /X-SRCache-Fetch-Status /g" /etc/nginx/common/redis.conf &>> /dev/null sed -i "s/X-Cache-2 /X-SRCache-Store-Status /g" /etc/nginx/common/redis.conf &>> /dev/null fi - systemctl enable nginx - systemctl restart nginx + + VERIFY_NGINX_CONFIG=$(nginx -t 2>&1 | grep failed) + # check if nginx -t do not return errors + if [ -z "$VERIFY_NGINX_CONFIG" ]; then + systemctl stop nginx + systemctl start nginx + else + VERIFY_NGINX_BUCKET=$(nginx -t 2>&1 | grep "server_names_hash_bucket_size") + if [ -n "$VERIFY_NGINX_BUCKET" ]; then + sed -i "s/# server_names_hash_bucket_size 64;/server_names_hash_bucket_size 64;/g" /etc/nginx/nginx.conf + fi + systemctl stop nginx + systemctl start nginx + fi + + # set back apt preference + [ -f "$HOME/nginx-block" ] && { + mv "$HOME/nginx-block" /etc/apt/preferences.d/nginx-block + } + + } >> /var/log/wo/install.log 2>&1 } @@ -564,13 +580,19 @@ if [ -x /usr/local/bin/wo ]; then if [[ $? -ne 0 ]];then read -p "Update WordOps to $wo_version_new (y/n): " wo_ans if [ "$wo_ans" = "y" ] || [ "$wo_ans" = "Y" ]; then + wo_lib_echo "Installing wo dependencies " | tee -ai $wo_install_log wo_install_dep | tee -ai $wo_install_log + wo_lib_echo "Syncing WO database" | tee -ai $wo_install_log wo_sync_db >> $wo_install_log 2>&1 secure_wo_db | tee -ai $wo_install_log + wo_lib_echo "Installing WordOps " | tee -ai $wo_install_log wo_install | tee -ai $wo_install_log + wo_lib_echo "Upgrading Nginx" | tee -ai $wo_install_log wo_upgrade_nginx | tee -ai $wo_install_log wo_update_latest | tee -ai $wo_install_log + wo_lib_echo "Installing acme.sh" | tee -ai $wo_install_log wo_install_acme_sh | tee -ai $wo_install_log + wo_lib_echo "Running post-install steps " | tee -ai $wo_install_log wo_git_init | tee -ai $wo_install_log wo_update_wp_cli | tee -ai $wo_install_log else @@ -582,25 +604,25 @@ if [ -x /usr/local/bin/wo ]; then else # 2 - Migration from EEv3 if [ -x /usr/local/bin/ee ]; then - ee -v 2>&1 | grep $wo_version_new &>> /dev/null - if [[ $? -ne 0 ]];then - read -p "Update WordOps to $wo_version_new (y/n): " wo_ans - if [ "$wo_ans" = "y" ] || [ "$wo_ans" = "Y" ]; then - wo_install_dep | tee -ai $wo_install_log - wo_sync_db >> $wo_install_log 2>&1 - secure_wo_db | tee -ai $wo_install_log - wo_install | tee -ai $wo_install_log - wo_upgrade_nginx | tee -ai $wo_install_log - wo_update_latest | tee -ai $wo_install_log - wo_install_acme_sh | tee -ai $wo_install_log - wo_git_init | tee -ai $wo_install_log - service nginx reload &>> /dev/null - wo_update_wp_cli | tee -ai $wo_install_log - else - wo_lib_error "Not updating WordOps to $wo_version_new, exit status = " 1 - fi + read -p "Migrate from EasyEngine to WordOps (y/n): " wo_ans + if [ "$wo_ans" = "y" ] || [ "$wo_ans" = "Y" ]; then + wo_lib_echo "Installing wo dependencies " | tee -ai $wo_install_log + wo_install_dep | tee -ai $wo_install_log + wo_lib_echo "Syncing WO database" | tee -ai $wo_install_log + wo_sync_db >> $wo_install_log 2>&1 + secure_wo_db | tee -ai $wo_install_log + wo_lib_echo "Installing WordOps " | tee -ai $wo_install_log + wo_install | tee -ai $wo_install_log + wo_lib_echo "Upgrading Nginx" | tee -ai $wo_install_log + wo_upgrade_nginx | tee -ai $wo_install_log + wo_update_latest | tee -ai $wo_install_log + wo_lib_echo "Installing acme.sh" | tee -ai $wo_install_log + wo_install_acme_sh | tee -ai $wo_install_log + wo_lib_echo "Running post-install steps " | tee -ai $wo_install_log + wo_git_init | tee -ai $wo_install_log + wo_update_wp_cli | tee -ai $wo_install_log else - wo_lib_error "You already have WordOps $wo_version_new, exit status = " 1 + wo_lib_error "Not installing WordOps, exit status = " 1 fi else # 3 - Fresh WO setup @@ -608,10 +630,11 @@ else wo_install_dep | tee -ai $wo_install_log wo_lib_echo "Installing WordOps " | tee -ai $wo_install_log wo_install | tee -ai $wo_install_log + wo_lib_echo "Installing acme.sh" | tee -ai $wo_install_log + wo_install_acme_sh | tee -ai $wo_install_log wo_lib_echo "Running post-install steps " | tee -ai $wo_install_log secure_wo_db | tee -ai $wo_install_log wo_git_init | tee -ai $wo_install_log - wo_install_acme_sh | tee -ai $wo_install_log wo_update_wp_cli | tee -ai $wo_install_log fi fi From a1b2f2d2a6f7c207e4fbdb0bb6022f486ebe2eda Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Fri, 22 Mar 2019 05:20:06 +0100 Subject: [PATCH 14/20] update db migration --- install | 168 +++++++++++++++++++++++++++----------------------------- 1 file changed, 81 insertions(+), 87 deletions(-) diff --git a/install b/install index d1b0ac4..bfb6287 100644 --- a/install +++ b/install @@ -167,28 +167,27 @@ wo_sync_db() ### # Switching from EE -> WO ### - if [ -f /var/lib/ee/ee.db ]; then + if [ ! -f /var/lib/wo/dbase.db ]; then # Create the WordOps folder mkdir -p /var/lib/wo - # Backup the nginx directory - tar -cvf - /etc/nginx /etc/ee /var/lib/ee | pigz -9 > /var/lib/wo/ee-backup.tgz + if [ -f /var/lib/ee/ee.db ]; then + # Copy the EasyEngine database + cp /var/lib/ee/ee.db /var/lib/wo/dbase-ee.db - # Copy the EasyEngine database - cp /var/lib/ee/ee.db /var/lib/wo/dbase-ee.db + # Set the migration variable for the closing text + migration=1 - # Set the migration variable for the closing text - migration=1 + ### + # Clean WO installation + ### - ### - # Clean WO installation - ### - elif [ ! -d /var/lib/wo ]; then - # Create the directory holding the WordOps database - mkdir -p /var/lib/wo + cp /var/lib/ee/ee.db /var/lib/wo/dbase.db + rm -rf /var/lib/ee + else - # Create an empty database for WordOps - echo "CREATE TABLE sites ( + # Create an empty database for WordOps + echo "CREATE TABLE sites ( id INTEGER PRIMARY KEY AUTOINCREMENT, sitename UNIQUE, site_type CHAR, @@ -205,92 +204,87 @@ wo_sync_db() db_host VARCHAR, is_hhvm INT INT DEFAULT '0', php_version VARCHAR - );" | sqlite3 /var/lib/wo/dbase.db + );" | sqlite3 /var/lib/wo/dbase.db - if [ -f /var/lib/wo/dbase-ee.db ]; then - # Copy the main EasyEngine database over since we are migrating - cp /var/lib/wo/dbase-ee.db /var/lib/wo/dbase.db - fi + # Check site is enable/live or disable + AV_SITES="$(basename -a /etc/nginx/sites-available/* | grep -v default)" + for site in $AV_SITES; + do + if [ -h "/etc/nginx/sites-enabled/$site" ]; then + wo_site_status='1' + else + wo_site_status='0' + fi - # Check site is enable/live or disable - cd /etc/nginx/sites-available || exit 1 - for site in $(echo \* | grep -v default); - do - if [ -f "/etc/nginx/sites-enabled/$site" ]; then - wo_site_status='1' - else - wo_site_status='0' - fi + # Acquire information about the current nginx configuration - # Acquire information about the current nginx configuration - wo_site_current_type=$(head -n1 "/etc/nginx/sites-available/$site" | grep "NGINX CONFIGURATION" | rev | cut -d' ' -f3,4,5,6,7 | rev | cut -d ' ' -f2,3,4,5) + wo_site_current_type=$(grep "common/" /etc/nginx/sites-available/$site | awk -F "/" '{print $2}') - # Sniff out the vhost type and cache configuration - if [ "$wo_site_current_type" = "HTML" ]; then - wo_site_current="html" - wo_site_current_cache="basic" - elif [ "$wo_site_current_type" = "PHP" ]; then - wo_site_current="php" - wo_site_current_cache="basic" - elif [ "$wo_site_current_type" = "MYSQL" ]; then - wo_site_current="mysql" - wo_site_current_cache="basic" + if [ "$(echo "$wo_site_current_type" | grep php)" ]; then + if [ "$(echo "$wo_site_current_type" | grep php7)" ]; then + php_version="7.0" + else + php_version="5.6" + fi + else + php_version="" + fi - # Caching types on a single WordPress installation - elif [ "$wo_site_current_type" = "WPSINGLE BASIC" ]; then - wo_site_current="wp" - wo_site_current_cache="basic" - elif [ "$wo_site_current_type" = "WPSINGLE WP SUPER CACHE" ]; then - wo_site_current="wp" - wo_site_current_cache="wpsc" - elif [ "$wo_site_current_type" = "WPSINGLE FAST CGI" ] || [ "$wo_site_current_type" = "WPSINGLE FASTCGI" ]; then - wo_site_current="wp" - wo_site_current_cache="wpfc" + if [ "$(echo "$wo_site_current_type" | grep redis)" ]; then + wo_site_current_cache="wpredis" + elif [ -z "$(echo "$wo_site_current_type" | grep wpsc)" ]; then + wo_site_current_cache="wpsc" + elif [ -z "$(echo "$wo_site_current_type" | grep wpfc)" ]; then + wo_site_current_cache="wpfc" + else + wo_site_current_cache="basic" + fi - # Caching types on a single, subdirectory WordPress installation - elif [ "$wo_site_current_type" = "WPSUBDIR BASIC" ]; then - wo_site_current="wpsubdir" - wo_site_current_cache="basic" - elif [ "$wo_site_current_type" = "WPSUBDIR WP SUPER CACHE" ]; then - wo_site_current="wpsubdir" - wo_site_current_cache="wpsc" - elif [ "$wo_site_current_type" = "WPSUBDIR FAST CGI" ] || [ "$wo_site_current_type" = "WPSUBDIR FASTCGI" ]; then - wo_site_current="wpsubdir" - wo_site_current_cache="wpfc" + if [ "$(echo "$wo_site_current_type" | grep wp)" ]; then + if [ -z "$(echo "$wo_site_current_type" | grep wpsubdir)" ]; then + wo_site_current="wpsubdir" + elif [ -z "$(echo "$wo_site_current_type" | grep wpsudomain)" ]; then + wo_site_current="wpsubdomain" + else + wo_site_current="wp" + fi + else + if [ -z "$(echo "$wo_site_current_type" | grep location)" ]; then + wo_site_current="proxy" + elif [ -z "$(echo "$wo_site_current_type" | grep php)" ]; then + wo_site_current="html" + else + if [ -f /var/www/${site}/ee-config.php ] || [ -f /var/www/${site}/wo-config.php ]; then + wo_site_current="mysql" + else + wo_site_current="php" + fi + fi + fi - # Caching types on a single, subdomain WordPress installation - elif [ "$wo_site_current_type" = "WPSUBDOMAIN BASIC" ]; then - wo_site_current="wpsubdomain" - wo_site_current_cache="basic" - elif [ "$wo_site_current_type" = "WPSUBDOMAIN WP SUPER CACHE" ]; then - wo_site_current="wpsubdomain" - wo_site_current_cache="wpsc" - elif [ "$wo_site_current_type" = "WPSUBDOMAIN FAST CGI" ] || [ "$wo_site_current_type" = "WPSUBDOMAIN FASTCGI" ]; then - wo_site_current="wpsubdomain" - wo_site_current_cache="wpfc" - fi + done wo_webroot="/var/www/$site" # Import the configuration into the WordOps SQLite database echo "INSERT INTO sites (sitename, site_type, cache_type, site_path, is_enabled, is_ssl, storage_fs, storage_db) VALUES (\"$site\", \"$wo_site_current\", \"$wo_site_current_cache\", \"$wo_webroot\", \"$wo_site_status\", 0, 'ext4', 'mysql');" | sqlite3 /var/lib/wo/dbase.db - done - else - wo_php_version="7.2" - wo_lib_echo "Updating WordOps Database" - echo "ALTER TABLE sites ADD COLUMN db_name varchar;" | sqlite3 /var/lib/wo/dbase.db - echo "ALTER TABLE sites ADD COLUMN db_user varchar; " | sqlite3 /var/lib/wo/dbase.db - echo "ALTER TABLE sites ADD COLUMN db_password varchar;" | sqlite3 /var/lib/wo/dbase.db - echo "ALTER TABLE sites ADD COLUMN db_host varchar;" | sqlite3 /var/lib/wo/dbase.db - echo "ALTER TABLE sites ADD COLUMN is_hhvm INT DEFAULT '0';" | sqlite3 /var/lib/wo/dbase.db - echo "ALTER TABLE sites ADD COLUMN php_version varchar DEFAULT \"$wo_php_version\";" | sqlite3 /var/lib/wo/dbase.db + + + wo_php_version="7.2" + wo_lib_echo "Updating WordOps Database" + echo "ALTER TABLE sites ADD COLUMN db_name varchar;" | sqlite3 /var/lib/wo/dbase.db + echo "ALTER TABLE sites ADD COLUMN db_user varchar; " | sqlite3 /var/lib/wo/dbase.db + echo "ALTER TABLE sites ADD COLUMN db_password varchar;" | sqlite3 /var/lib/wo/dbase.db + echo "ALTER TABLE sites ADD COLUMN db_host varchar;" | sqlite3 /var/lib/wo/dbase.db + echo "ALTER TABLE sites ADD COLUMN is_hhvm INT DEFAULT '0';" | sqlite3 /var/lib/wo/dbase.db + echo "ALTER TABLE sites ADD COLUMN php_version varchar DEFAULT \"$wo_php_version\";" | sqlite3 /var/lib/wo/dbase.db + fi + + +# echo "UPDATE sites SET php_version = REPLACE(php_version, '5.6', '7.2');" | sqlite3 /var/lib/wo/dbase.db +# echo "UPDATE sites SET php_version = REPLACE(php_version, '7.0', '7.3');" | sqlite3 /var/lib/wo/dbase.db fi - - - echo "UPDATE sites SET php_version = REPLACE(php_version, '5.6', '7.2');" | sqlite3 /var/lib/wo/dbase.db - echo "UPDATE sites SET php_version = REPLACE(php_version, '7.0', '7.3');" | sqlite3 /var/lib/wo/dbase.db - } # Once again, set the proper ACL on the WordOps configuration directory From b740e31415f70ed2c816f92d2e1ec7e285a6392e Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Fri, 22 Mar 2019 06:01:02 +0100 Subject: [PATCH 15/20] update nginx_upgrade in install script --- install | 139 ++++++++++++++++++++++++++++---------------------------- 1 file changed, 70 insertions(+), 69 deletions(-) diff --git a/install b/install index bfb6287..b7b213c 100644 --- a/install +++ b/install @@ -222,12 +222,12 @@ wo_sync_db() if [ "$(echo "$wo_site_current_type" | grep php)" ]; then if [ "$(echo "$wo_site_current_type" | grep php7)" ]; then - php_version="7.0" + wo_php_version="7.0" else - php_version="5.6" + wo_php_version="5.6" fi else - php_version="" + wo_php_version="" fi if [ "$(echo "$wo_site_current_type" | grep redis)" ]; then @@ -271,7 +271,6 @@ wo_sync_db() VALUES (\"$site\", \"$wo_site_current\", \"$wo_site_current_cache\", \"$wo_webroot\", \"$wo_site_status\", 0, 'ext4', 'mysql');" | sqlite3 /var/lib/wo/dbase.db - wo_php_version="7.2" wo_lib_echo "Updating WordOps Database" echo "ALTER TABLE sites ADD COLUMN db_name varchar;" | sqlite3 /var/lib/wo/dbase.db echo "ALTER TABLE sites ADD COLUMN db_user varchar; " | sqlite3 /var/lib/wo/dbase.db @@ -282,8 +281,8 @@ wo_sync_db() fi -# echo "UPDATE sites SET php_version = REPLACE(php_version, '5.6', '7.2');" | sqlite3 /var/lib/wo/dbase.db -# echo "UPDATE sites SET php_version = REPLACE(php_version, '7.0', '7.3');" | sqlite3 /var/lib/wo/dbase.db + # echo "UPDATE sites SET php_version = REPLACE(php_version, '5.6', '7.2');" | sqlite3 /var/lib/wo/dbase.db + # echo "UPDATE sites SET php_version = REPLACE(php_version, '7.0', '7.3');" | sqlite3 /var/lib/wo/dbase.db fi } @@ -380,11 +379,7 @@ wo_upgrade_nginx() { { - # create backup directory - mkdir -p /var/lib/wo/backup - # backup all sites available - /usr/bin/rsync -az /etc/nginx/ /var/lib/wo/backup/nginx/ # chec if the package nginx-ee is installed CHECK_NGINX_EE=$(dpkg --list | grep nginx-ee) @@ -394,80 +389,83 @@ wo_upgrade_nginx() # add new Nginx repository if [ "$wo_linux_distro" = "Ubuntu" ]; then - echo "deb http://download.opensuse.org/repositories/home:/virtubox:/WordOps/xUbuntu_${wo_distro_id}/ /" >> /etc/apt/sources.list.d/wo-repo.list wget -qO /tmp/nginx-wo.key "https://download.opensuse.org/repositories/home:virtubox:WordOps/xUbuntu_${wo_distro_id}/Release.key" else if [ "$wo_distro_version" == "jessie" ]; then - echo "deb http://download.opensuse.org/repositories/home:/virtubox:/WordOps/Debian_8.0/ /" >> /etc/apt/sources.list.d/wo-repo.list wget -qO /tmp/nginx-wo.key https://download.opensuse.org/repositories/home:virtubox:WordOps/Debian_8.0/Release.key else - echo "deb http://download.opensuse.org/repositories/home:/virtubox:/WordOps/Debian_9.0/ /" >> /etc/apt/sources.list.d/wo-repo.list wget -qO /tmp/nginx-wo.key https://download.opensuse.org/repositories/home:virtubox:WordOps/Debian_9.0/Release.key fi fi - # prevent apt preference to block install - [ -f /etc/apt/preferences.d/nginx-block ] && { - mv /etc/apt/preferences.d/nginx-block "$HOME/nginx-block" - } # import the respository key for updates apt-key add - < /tmp/nginx-wo.key rm -f /tmp/nginx-wo.key sudo apt-get update - # stop nginx - service nginx stop - if [ -n "$CHECK_NGINX_EE" ]; then - # remove previous package - apt-mark unhold nginx-ee nginx-common nginx-custom - apt-get -y -qq autoremove nginx-ee nginx-common nginx-custom --purge - elif [ -n "$CHECK_NGINX_WO" ]; then - apt-mark unhold nginx-wo nginx-common nginx-custom - apt-get -y -qq autoremove nginx-wo nginx-common nginx-custom --purge - fi - # remove previous php-fpm pool configuration - if [ -n "$CHECK_PHP72" ]; then - apt-get remove php7.2-fpm -y -qq --purge - rm -f /etc/php/7.2/fpm/pool.d/* - fi - if [ -n "$CHECK_PHP73" ]; then - apt-get remove php7.3-fpm -y -qq --purge - rm -f /etc/php/7.3/fpm/pool.d/* - fi + if [ -x /usr/sbin/nginx ] ; then + CHECK_BROTLI="$(nginx -V 2>&1 | grep brotli)" + if [ -z "$CHECK_BROTLI" ]; then - # install new nginx package - if [ -x /usr/local/bin/wo ]; then - /usr/local/bin/wo stack install --nginx --php --php73 - fi + # stop nginx + service nginx stop - # restore sites and configuration - /usr/bin/rsync -auz /var/lib/wo/backup/nginx/ /etc/nginx/ + # prevent apt preference to block install + [ -f /etc/apt/preferences.d/nginx-block ] && { + mv /etc/apt/preferences.d/nginx-block "$HOME/nginx-block" + } - # update redis.conf headers - if [ -f /etc/nginx/common/redis.conf ]; then - sed -i "s/X-Cache /X-SRCache-Fetch-Status /g" /etc/nginx/common/redis.conf &>> /dev/null - sed -i "s/X-Cache-2 /X-SRCache-Store-Status /g" /etc/nginx/common/redis.conf &>> /dev/null - fi + if [ -n "$CHECK_NGINX_EE" ]; then + # remove previous package + apt-mark unhold nginx-ee nginx-common nginx-custom + apt-get -y -qq autoremove nginx-ee nginx-common nginx-custom --purge + elif [ -n "$CHECK_NGINX_WO" ]; then + apt-mark unhold nginx-wo nginx-common nginx-custom + apt-get -y -qq autoremove nginx-wo nginx-common nginx-custom --purge + fi + # remove previous php-fpm pool configuration + if [ -n "$CHECK_PHP72" ]; then + apt-get remove php7.2-fpm -y -qq --purge + rm -f /etc/php/7.2/fpm/pool.d/* + fi + if [ -n "$CHECK_PHP73" ]; then + apt-get remove php7.3-fpm -y -qq --purge + rm -f /etc/php/7.3/fpm/pool.d/* + fi - VERIFY_NGINX_CONFIG=$(nginx -t 2>&1 | grep failed) - # check if nginx -t do not return errors - if [ -z "$VERIFY_NGINX_CONFIG" ]; then - systemctl stop nginx - systemctl start nginx - else - VERIFY_NGINX_BUCKET=$(nginx -t 2>&1 | grep "server_names_hash_bucket_size") - if [ -n "$VERIFY_NGINX_BUCKET" ]; then - sed -i "s/# server_names_hash_bucket_size 64;/server_names_hash_bucket_size 64;/g" /etc/nginx/nginx.conf + # install new nginx package + if [ -x /usr/local/bin/wo ]; then + /usr/local/bin/wo stack install --nginx --php --php73 + fi + + # restore sites and configuration + /usr/bin/rsync -auz /var/lib/wo/backup/nginx/ /etc/nginx/ + + # update redis.conf headers + if [ -f /etc/nginx/common/redis.conf ]; then + sed -i "s/X-Cache /X-SRCache-Fetch-Status /g" /etc/nginx/common/redis.conf &>> /dev/null + sed -i "s/X-Cache-2 /X-SRCache-Store-Status /g" /etc/nginx/common/redis.conf &>> /dev/null + fi + + VERIFY_NGINX_CONFIG=$(nginx -t 2>&1 | grep failed) + # check if nginx -t do not return errors + if [ -z "$VERIFY_NGINX_CONFIG" ]; then + systemctl stop nginx + systemctl start nginx + else + VERIFY_NGINX_BUCKET=$(nginx -t 2>&1 | grep "server_names_hash_bucket_size") + if [ -n "$VERIFY_NGINX_BUCKET" ]; then + sed -i "s/# server_names_hash_bucket_size 64;/server_names_hash_bucket_size 64;/g" /etc/nginx/nginx.conf + fi + systemctl stop nginx + systemctl start nginx + fi + + # set back apt preference + [ -f "$HOME/nginx-block" ] && { + mv "$HOME/nginx-block" /etc/apt/preferences.d/nginx-block + } fi - systemctl stop nginx - systemctl start nginx fi - - # set back apt preference - [ -f "$HOME/nginx-block" ] && { - mv "$HOME/nginx-block" /etc/apt/preferences.d/nginx-block - } - - } >> /var/log/wo/install.log 2>&1 } @@ -502,14 +500,17 @@ wo_update_latest() chmod 755 /etc/mysql/conf.d } if [ -f $HOME/.my.cnf ]; then - cp ~/.my.cnf /etc/mysql/conf.d/my.cnf &>> /dev/null + cp -f $HOME/.my.cnf /etc/mysql/conf.d/my.cnf chmod 600 /etc/mysql/conf.d/my.cnf elif [ -f /root/.my.cnf ]; then - cp /root/.my.cnf /etc/mysql/conf.d/my.cnf &>> /dev/null + cp -f /root/.my.cnf /etc/mysql/conf.d/my.cnf chmod 600 /etc/mysql/conf.d/my.cnf - else - wo_lib_echo_fail ".my.cnf cannot be located in your current user or root folder..." + fi + else + if [ ! -f /root/.my.cnf ]; then + cp /etc/mysql/conf.d/my.cnf /root/.my.cnf + chmod 600 /root/.my.cnf fi fi From a675a50aef719cf5ea66098b9e2cca53e976dbb4 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Fri, 22 Mar 2019 06:11:26 +0100 Subject: [PATCH 16/20] fix letsencrypt --- wo/cli/plugins/site_functions.py | 116 +++++++++++++++---------------- 1 file changed, 58 insertions(+), 58 deletions(-) diff --git a/wo/cli/plugins/site_functions.py b/wo/cli/plugins/site_functions.py index 98e8855..92a9d80 100644 --- a/wo/cli/plugins/site_functions.py +++ b/wo/cli/plugins/site_functions.py @@ -1229,44 +1229,43 @@ def setupLetsEncrypt(self, wo_domain_name): "\"service nginx restart\" " .format(WOVariables.wo_ssl_live, wo_domain_name)) - if ssl: + if ssl: - try: - Log.info( - self, "Adding /var/www/{0}/conf/nginx/ssl.conf" - .format(wo_domain_name)) + try: + Log.info( + self, "Adding /var/www/{0}/conf/nginx/ssl.conf" + .format(wo_domain_name)) - sslconf = open("/var/www/{0}/conf/nginx/ssl.conf" - .format(wo_domain_name), - encoding='utf-8', mode='w') - sslconf.write("listen 443 ssl http2;\n" - "listen [::]:443 ssl http2;\n" - "ssl on;\n" - "ssl_certificate {0}/{1}/fullchain.pem;\n" - "ssl_certificate_key {0}/{1}/key.pem;\n" - .format(WOVariables.wo_ssl_live, wo_domain_name)) - sslconf.close() - updateSiteInfo(self, wo_domain_name, ssl=True) + sslconf = open("/var/www/{0}/conf/nginx/ssl.conf" + .format(wo_domain_name), + encoding='utf-8', mode='w') + sslconf.write("listen 443 ssl http2;\n" + "listen [::]:443 ssl http2;\n" + "ssl on;\n" + "ssl_certificate {0}/{1}/fullchain.pem;\n" + "ssl_certificate_key {0}/{1}/key.pem;\n" + .format(WOVariables.wo_ssl_live, wo_domain_name)) + sslconf.close() + updateSiteInfo(self, wo_domain_name, ssl=True) - WOGit.add(self, ["/etc/letsencrypt"], - msg="Adding letsencrypt folder") + WOGit.add(self, ["/etc/letsencrypt"], + msg="Adding letsencrypt folder") - except IOError as e: - Log.debug(self, str(e)) - Log.debug(self, "Error occured while generating " - "ssl.conf") - else: - Log.error(self, "Unable to install certificate", False) - Log.error(self, "Please make sure that your site is pointed to \n" - "same server on which " - "you are running Let\'s Encrypt Client " - "\n to allow it to verify the site automatically.") + except IOError as e: + Log.debug(self, str(e)) + Log.debug(self, "Error occured while generating " + "ssl.conf") + else: + Log.error(self, "Unable to install certificate", False) + Log.error(self, "Please make sure that your site is pointed to \n" + "same server on which " + "you are running Let\'s Encrypt Client " + "\n to allow it to verify the site automatically.") # setup letsencrypt for a subdomain def setupLetsEncryptSubdomain(self, wo_domain_name): - wo_wp_email = WOVariables.wo_email if os.path.isfile("{0}/{1}_ecc/{1}.conf" .format(WOVariables.wo_ssl_archive, wo_domain_name)): @@ -1274,7 +1273,7 @@ def setupLetsEncryptSubdomain(self, wo_domain_name): .format(wo_domain_name)) ssl = archivedCertificateHandle(self, wo_domain_name) else: - Log.warn(self, "Please wait while we fetch the new HTTPS certificate" + Log.info(self, "Please wait while we fetch the new HTTPS certificate" " for your site.\nIt may take a few minutes" " depending on the network.") sslissue = WOShellExec.cmd_exec(self, "/etc/letsencrypt/acme.sh " @@ -1301,38 +1300,39 @@ def setupLetsEncryptSubdomain(self, wo_domain_name): "\"service nginx restart\" " .format(WOVariables.wo_ssl_live, wo_domain_name)) - if ssl: - try: - Log.info( - self, "Adding /var/www/{0}/conf/nginx/ssl.conf" - .format(wo_domain_name)) + if ssl: - sslconf = open("/var/www/{0}/conf/nginx/ssl.conf" - .format(wo_domain_name), - encoding='utf-8', mode='w') - sslconf.write("listen 443 ssl http2;\n" - "listen [::]:443 ssl http2;\n" - "ssl on;\n" - "ssl_certificate {0}/{1}/fullchain.pem;\n" - "ssl_certificate_key {0}/{1}/key.pem;\n" - .format(WOVariables.wo_ssl_live, wo_domain_name)) - sslconf.close() - updateSiteInfo(self, wo_domain_name, ssl=True) + try: + Log.info( + self, "Adding /var/www/{0}/conf/nginx/ssl.conf" + .format(wo_domain_name)) - WOGit.add(self, ["/etc/letsencrypt"], - msg="Adding letsencrypt folder") + sslconf = open("/var/www/{0}/conf/nginx/ssl.conf" + .format(wo_domain_name), + encoding='utf-8', mode='w') + sslconf.write("listen 443 ssl http2;\n" + "listen [::]:443 ssl http2;\n" + "ssl on;\n" + "ssl_certificate {0}/{1}/fullchain.pem;\n" + "ssl_certificate_key {0}/{1}/key.pem;\n" + .format(WOVariables.wo_ssl_live, wo_domain_name)) + sslconf.close() + updateSiteInfo(self, wo_domain_name, ssl=True) - except IOError as e: - Log.debug(self, str(e)) - Log.debug(self, "Error occured while generating " - "ssl.conf") - else: - Log.error(self, "Unable to install certificate", False) - Log.error(self, "Please make sure that your site is pointed to \n" - "same server on which " - "you are running Let\'s Encrypt Client " - "\n to allow it to verify the site automatically.") + WOGit.add(self, ["/etc/letsencrypt"], + msg="Adding letsencrypt folder") + + except IOError as e: + Log.debug(self, str(e)) + Log.debug(self, "Error occured while generating " + "ssl.conf") + else: + Log.error(self, "Unable to create ssl.conf", False) + Log.error(self, "Please make sure that your site is pointed to \n" + "same server on which " + "you are running Let\'s Encrypt Client " + "\n to allow it to verify the site automatically.") # letsencrypt cert renewal From dbda71c3ef5da6717185c2e77dc1ac387344c13a Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Fri, 22 Mar 2019 06:22:00 +0100 Subject: [PATCH 17/20] fix variable ssl --- wo/cli/plugins/site_functions.py | 201 +++++++++++++++---------------- 1 file changed, 100 insertions(+), 101 deletions(-) diff --git a/wo/cli/plugins/site_functions.py b/wo/cli/plugins/site_functions.py index 92a9d80..84d1949 100644 --- a/wo/cli/plugins/site_functions.py +++ b/wo/cli/plugins/site_functions.py @@ -1205,62 +1205,62 @@ def setupLetsEncrypt(self, wo_domain_name): Log.warn(self, "Please wait while we fetch the new HTTPS certificate" " for your site.\nIt may take a few minutes" " depending on the network.") - sslissue = WOShellExec.cmd_exec(self, "/etc/letsencrypt/acme.sh " - "--config-home " - "'/etc/letsencrypt/config' " - "--issue " - "-d {0} -d www.{0} -w /var/www/html " - "-k ec-384" - .format(wo_domain_name)) - if sslissue: + ssl = WOShellExec.cmd_exec(self, "/etc/letsencrypt/acme.sh " + "--config-home " + "'/etc/letsencrypt/config' " + "--issue " + "-d {0} -d www.{0} -w /var/www/html " + "-k ec-384" + .format(wo_domain_name)) + + if ssl: + + try: Log.debug(self, "Cert deployment for domain: {0}" .format(wo_domain_name)) - ssl = WOShellExec.cmd_exec(self, "mkdir -p {0}/{1} && " - "/etc/letsencrypt/acme.sh " - "--config-home " - "'/etc/letsencrypt/config' " - "--install-cert -d {1} --ecc " - "--cert-file {0}/{1}/cert.pem " - "--key-file {0}/{1}/key.pem " - "--fullchain-file " - "{0}/{1}/fullchain.pem " - "--reloadcmd " - "\"service nginx restart\" " - .format(WOVariables.wo_ssl_live, - wo_domain_name)) - if ssl: + sslsetup = WOShellExec.cmd_exec(self, "mkdir -p {0}/{1} && " + "/etc/letsencrypt/acme.sh " + "--config-home " + "'/etc/letsencrypt/config' " + "--install-cert -d {1} --ecc " + "--cert-file {0}/{1}/cert.pem " + "--key-file {0}/{1}/key.pem " + "--fullchain-file " + "{0}/{1}/fullchain.pem " + "--reloadcmd " + "\"service nginx restart\" " + .format(WOVariables.wo_ssl_live, + wo_domain_name)) + Log.info( + self, "Adding /var/www/{0}/conf/nginx/ssl.conf" + .format(wo_domain_name)) - try: - Log.info( - self, "Adding /var/www/{0}/conf/nginx/ssl.conf" - .format(wo_domain_name)) + sslconf = open("/var/www/{0}/conf/nginx/ssl.conf" + .format(wo_domain_name), + encoding='utf-8', mode='w') + sslconf.write("listen 443 ssl http2;\n" + "listen [::]:443 ssl http2;\n" + "ssl on;\n" + "ssl_certificate {0}/{1}/fullchain.pem;\n" + "ssl_certificate_key {0}/{1}/key.pem;\n" + .format(WOVariables.wo_ssl_live, wo_domain_name)) + sslconf.close() + updateSiteInfo(self, wo_domain_name, ssl=True) - sslconf = open("/var/www/{0}/conf/nginx/ssl.conf" - .format(wo_domain_name), - encoding='utf-8', mode='w') - sslconf.write("listen 443 ssl http2;\n" - "listen [::]:443 ssl http2;\n" - "ssl on;\n" - "ssl_certificate {0}/{1}/fullchain.pem;\n" - "ssl_certificate_key {0}/{1}/key.pem;\n" - .format(WOVariables.wo_ssl_live, wo_domain_name)) - sslconf.close() - updateSiteInfo(self, wo_domain_name, ssl=True) + WOGit.add(self, ["/etc/letsencrypt"], + msg="Adding letsencrypt folder") - WOGit.add(self, ["/etc/letsencrypt"], - msg="Adding letsencrypt folder") - - except IOError as e: - Log.debug(self, str(e)) - Log.debug(self, "Error occured while generating " - "ssl.conf") - else: - Log.error(self, "Unable to install certificate", False) - Log.error(self, "Please make sure that your site is pointed to \n" - "same server on which " - "you are running Let\'s Encrypt Client " - "\n to allow it to verify the site automatically.") + except IOError as e: + Log.debug(self, str(e)) + Log.debug(self, "Error occured while generating " + "ssl.conf") + else: + Log.error(self, "Unable to install certificate", False) + Log.error(self, "Please make sure that your site is pointed to \n" + "same server on which " + "you are running Let\'s Encrypt Client " + "\n to allow it to verify the site automatically.") # setup letsencrypt for a subdomain @@ -1276,63 +1276,62 @@ def setupLetsEncryptSubdomain(self, wo_domain_name): Log.info(self, "Please wait while we fetch the new HTTPS certificate" " for your site.\nIt may take a few minutes" " depending on the network.") - sslissue = WOShellExec.cmd_exec(self, "/etc/letsencrypt/acme.sh " - "--config-home " - "'/etc/letsencrypt/config' " - "--issue " - "-d {0} -w /var/www/html " - "-k ec-384" - .format(wo_domain_name)) - if sslissue: + ssl = WOShellExec.cmd_exec(self, "/etc/letsencrypt/acme.sh " + "--config-home " + "'/etc/letsencrypt/config' " + "--issue " + "-d {0} -w /var/www/html " + "-k ec-384" + .format(wo_domain_name)) + if ssl: + + try: Log.debug(self, "Cert deployment for domain: {0}" .format(wo_domain_name)) - ssl = WOShellExec.cmd_exec(self, "mkdir -p {0}/{1} && " - "/etc/letsencrypt/acme.sh " - "--config-home " - "'/etc/letsencrypt/config' " - "--install-cert -d {1} --ecc " - "--cert-file {0}/{1}/cert.pem " - "--key-file {0}/{1}/key.pem " - "--fullchain-file " - "{0}/{1}/fullchain.pem " - "--reloadcmd " - "\"service nginx restart\" " - .format(WOVariables.wo_ssl_live, - wo_domain_name)) + sslsetup = WOShellExec.cmd_exec(self, "mkdir -p {0}/{1} && " + "/etc/letsencrypt/acme.sh " + "--config-home " + "'/etc/letsencrypt/config' " + "--install-cert -d {1} --ecc " + "--cert-file {0}/{1}/cert.pem " + "--key-file {0}/{1}/key.pem " + "--fullchain-file " + "{0}/{1}/fullchain.pem " + "--reloadcmd " + "\"service nginx restart\" " + .format(WOVariables.wo_ssl_live, + wo_domain_name)) - if ssl: + Log.info( + self, "Adding /var/www/{0}/conf/nginx/ssl.conf" + .format(wo_domain_name)) - try: - Log.info( - self, "Adding /var/www/{0}/conf/nginx/ssl.conf" - .format(wo_domain_name)) + sslconf = open("/var/www/{0}/conf/nginx/ssl.conf" + .format(wo_domain_name), + encoding='utf-8', mode='w') + sslconf.write("listen 443 ssl http2;\n" + "listen [::]:443 ssl http2;\n" + "ssl on;\n" + "ssl_certificate {0}/{1}/fullchain.pem;\n" + "ssl_certificate_key {0}/{1}/key.pem;\n" + .format(WOVariables.wo_ssl_live, wo_domain_name)) + sslconf.close() + updateSiteInfo(self, wo_domain_name, ssl=True) - sslconf = open("/var/www/{0}/conf/nginx/ssl.conf" - .format(wo_domain_name), - encoding='utf-8', mode='w') - sslconf.write("listen 443 ssl http2;\n" - "listen [::]:443 ssl http2;\n" - "ssl on;\n" - "ssl_certificate {0}/{1}/fullchain.pem;\n" - "ssl_certificate_key {0}/{1}/key.pem;\n" - .format(WOVariables.wo_ssl_live, wo_domain_name)) - sslconf.close() - updateSiteInfo(self, wo_domain_name, ssl=True) + WOGit.add(self, ["/etc/letsencrypt"], + msg="Adding letsencrypt folder") - WOGit.add(self, ["/etc/letsencrypt"], - msg="Adding letsencrypt folder") - - except IOError as e: - Log.debug(self, str(e)) - Log.debug(self, "Error occured while generating " - "ssl.conf") - else: - Log.error(self, "Unable to create ssl.conf", False) - Log.error(self, "Please make sure that your site is pointed to \n" - "same server on which " - "you are running Let\'s Encrypt Client " - "\n to allow it to verify the site automatically.") + except IOError as e: + Log.debug(self, str(e)) + Log.debug(self, "Error occured while generating " + "ssl.conf") + else: + Log.error(self, "Unable to create ssl.conf", False) + Log.error(self, "Please make sure that your site is pointed to \n" + "same server on which " + "you are running Let\'s Encrypt Client " + "\n to allow it to verify the site automatically.") # letsencrypt cert renewal @@ -1541,4 +1540,4 @@ def archivedCertificateHandle(self, domain): '/var/www/{0}/conf/nginx/ssl.conf.bak' .format(domain)) - return ssl + return ssl From 434784effdd0f8d732aaefd290d9e27491cdebf2 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Fri, 22 Mar 2019 06:30:01 +0100 Subject: [PATCH 18/20] simplify letsencryt info log --- wo/cli/plugins/site_functions.py | 22 +++++++--------------- 1 file changed, 7 insertions(+), 15 deletions(-) diff --git a/wo/cli/plugins/site_functions.py b/wo/cli/plugins/site_functions.py index 84d1949..e84226c 100644 --- a/wo/cli/plugins/site_functions.py +++ b/wo/cli/plugins/site_functions.py @@ -1202,9 +1202,7 @@ def setupLetsEncrypt(self, wo_domain_name): .format(wo_domain_name)) ssl = archivedCertificateHandle(self, wo_domain_name) else: - Log.warn(self, "Please wait while we fetch the new HTTPS certificate" - " for your site.\nIt may take a few minutes" - " depending on the network.") + Log.info(self, "Issuing SSL cert with acme.sh") ssl = WOShellExec.cmd_exec(self, "/etc/letsencrypt/acme.sh " "--config-home " "'/etc/letsencrypt/config' " @@ -1216,7 +1214,7 @@ def setupLetsEncrypt(self, wo_domain_name): if ssl: try: - + Log.info(self, "Deploying SSL cert with acme.sh") Log.debug(self, "Cert deployment for domain: {0}" .format(wo_domain_name)) sslsetup = WOShellExec.cmd_exec(self, "mkdir -p {0}/{1} && " @@ -1273,9 +1271,7 @@ def setupLetsEncryptSubdomain(self, wo_domain_name): .format(wo_domain_name)) ssl = archivedCertificateHandle(self, wo_domain_name) else: - Log.info(self, "Please wait while we fetch the new HTTPS certificate" - " for your site.\nIt may take a few minutes" - " depending on the network.") + Log.info(self, "Issuing SSL cert with acme.sh") ssl = WOShellExec.cmd_exec(self, "/etc/letsencrypt/acme.sh " "--config-home " "'/etc/letsencrypt/config' " @@ -1286,8 +1282,8 @@ def setupLetsEncryptSubdomain(self, wo_domain_name): if ssl: try: - - Log.debug(self, "Cert deployment for domain: {0}" + Log.info(self, "Deploying SSL cert with acme.sh") + Log.debug(self, "Deploying cert for domain: {0}" .format(wo_domain_name)) sslsetup = WOShellExec.cmd_exec(self, "mkdir -p {0}/{1} && " "/etc/letsencrypt/acme.sh " @@ -1442,9 +1438,7 @@ def archivedCertificateHandle(self, domain): .format(WOVariables.wo_ssl_live, domain)) if check_prompt == "1": - Log.info(self, "Please wait while we reinstall the Let's Encrypt " - "certificate for your site.\nIt may take a " - "few minutes depending on your network.") + Log.info(self, "Issuing SSL cert with acme.sh") ssl = WOShellExec.cmd_exec(self, "mkdir -p {0}/{1} && " "/etc/letsencrypt/acme.sh " "--config-home " @@ -1497,9 +1491,7 @@ def archivedCertificateHandle(self, domain): updateSiteInfo(self, domain, ssl=True) elif (check_prompt == "3"): - Log.info(self, "Please wait while we renew the Let's Encrypt" - "certificate for your site.\nIt may take a few " - "minutes depending on your network.") + Log.info(self, "Issuing SSL cert with acme.sh") ssl = WOShellExec.cmd_exec(self, "/etc/letsencrypt/acme.sh " "--config-home " "'/etc/letsencrypt/config' " From 423d8a93a73f2e997f4c9ebfd716e7cbc8f4f0a0 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Fri, 22 Mar 2019 06:40:45 +0100 Subject: [PATCH 19/20] update php detection --- install | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/install b/install index b7b213c..99b7dee 100644 --- a/install +++ b/install @@ -422,19 +422,23 @@ wo_upgrade_nginx() apt-mark unhold nginx-wo nginx-common nginx-custom apt-get -y -qq autoremove nginx-wo nginx-common nginx-custom --purge fi - # remove previous php-fpm pool configuration - if [ -n "$CHECK_PHP72" ]; then - apt-get remove php7.2-fpm -y -qq --purge - rm -f /etc/php/7.2/fpm/pool.d/* - fi - if [ -n "$CHECK_PHP73" ]; then - apt-get remove php7.3-fpm -y -qq --purge - rm -f /etc/php/7.3/fpm/pool.d/* - fi + + + # install new nginx package if [ -x /usr/local/bin/wo ]; then - /usr/local/bin/wo stack install --nginx --php --php73 + # remove previous php-fpm pool configuration + if [ -n "$CHECK_PHP72" ]; then + apt-get remove php7.2-fpm -y -qq --purge + rm -f /etc/php/7.2/fpm/pool.d/* + fi + /usr/local/bin/wo stack install --nginx --php + if [ -n "$CHECK_PHP73" ]; then + apt-get remove php7.3-fpm -y -qq --purge + rm -f /etc/php/7.3/fpm/pool.d/* + /usr/local/bin/wo stack install --php73 + fi fi # restore sites and configuration From 019d07fc85a4b33940a479a3937c00b101dbd35f Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Fri, 22 Mar 2019 08:20:21 +0100 Subject: [PATCH 20/20] [skip travis] update changelog --- CHANGELOG.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index e635ccc..4ce7d25 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,12 +15,18 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), - IPv6 support with HTTPS - Brotli support in Nginx - Let's Encrypt support with --proxy +- Install script handle migration from EEv3 +- load-balancing on unix socket for php-fpm +- stub_status vhost for metrics +- opcache optimization for php-fpm #### Changed - letsencrypt stack refactored with acme.sh +- letsencrypt validation with webroot folder - "--letsencrypt=subdomain" option - hardened nginx ssl_ecdh_curve +- Update phpredisadmin #### Fixed @@ -28,6 +34,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), - acme.sh installation - acme.sh alias with config home variable - deb.sury.org repository gpg key +- Nginx upgrade from previous WordOps release +- Force new Nginx templates during update +- Error message about missing my.cnf file during upgrade ### v3.9.4 - 2019-03-15